Windows Analysis Report
CapsuleFarmer.bin

Overview

General Information

Sample Name: CapsuleFarmer.bin (renamed file extension from bin to exe)
Analysis ID: 658201
MD5: 656cefd8d3ccc079158ecfc7a06c35ed
SHA1: f0adcd44e7d22bd107e6fd03cd61719ba3178cd0
SHA256: 8e9d7cb05e025962ae2f55ff514dd9580d664849b99d444f6225a130c9be1f9c

Detection

Score: 31
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Found API chain indicative of debugger detection
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Binary contains a suspicious time stamp
Uses reg.exe to modify the Windows registry
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64
  • CapsuleFarmer.exe (PID: 6412 cmdline: "C:\Users\user\Desktop\CapsuleFarmer.exe" MD5: 656CEFD8D3CCC079158ECFC7A06C35ED)
    • conhost.exe (PID: 6496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • CapsuleFarmer.exe (PID: 7088 cmdline: "C:\Users\user\Desktop\CapsuleFarmer.exe" MD5: 656CEFD8D3CCC079158ECFC7A06C35ED)
      • reg.exe (PID: 1220 cmdline: reg query HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon /v version MD5: E3DACF0B31841FA02064B4457D44B357)
      • cmd.exe (PID: 6716 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • chromedriver.exe (PID: 6700 cmdline: chromedriver --port=49747 MD5: 9852F17EAD7D340A03B4E559F8D47F66)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: CapsuleFarmer.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: CapsuleFarmer.exe, 00000000.00000003.287257294.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/s0
Source: CapsuleFarmer.exe, 00000000.00000003.286319176.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.287257294.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265822684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264923212.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284586690.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284596659.000002176C62F000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262052583.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: CapsuleFarmer.exe, 00000000.00000003.286319176.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.287257294.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265822684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264923212.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284586690.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284596659.000002176C62F000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289347089.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262052583.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: CapsuleFarmer.exe, 00000000.00000003.286319176.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.287257294.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265822684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284586690.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284596659.000002176C62F000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266301244.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.295471511.000002176C62B000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262052583.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: CapsuleFarmer.exe, 00000000.00000003.286319176.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.287257294.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265822684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264923212.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284586690.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284596659.000002176C62F000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262052583.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crls1.wosign.com/ca1.crl0m
Source: CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
Source: CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only#
Source: CapsuleFarmer.exe, 00000009.00000002.378644683.0000026C1AC9C000.00000004.00001000.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.310370405.0000026C1A75A000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.378012209.0000026C1AA64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://doc.s3.amazonaws.com/2006-03-01
Source: CapsuleFarmer.exe, 00000009.00000003.362590565.0000026C18921000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370391417.0000026C1894E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: CapsuleFarmer.exe, 00000009.00000003.362945766.0000026C1A66E000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362496750.0000026C18902000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362287850.0000026C1A66C000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.375028343.0000026C18925000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.372931902.0000026C18923000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.361857119.0000026C1A667000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362590565.0000026C18921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail
Source: CapsuleFarmer.exe, 00000009.00000003.372278342.0000026C18A75000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370401286.0000026C18996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: CapsuleFarmer.exe, 00000009.00000003.369853280.0000026C18A89000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.367282155.0000026C18A7E000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363648115.0000026C18A72000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363665084.0000026C17DFD000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362045592.0000026C18A72000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363906089.0000026C18A7B000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362245678.0000026C17DFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: CapsuleFarmer.exe, 00000009.00000003.333409517.0000026C1A83D000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: CapsuleFarmer.exe, 00000009.00000002.377638316.0000026C1A660000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362203583.0000026C17DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/
Source: CapsuleFarmer.exe, 00000009.00000003.315793249.0000026C18AAB000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362162033.0000026C18AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l.twimg.com/i/hpkp_report
Source: CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digi
Source: CapsuleFarmer.exe, 00000000.00000003.286319176.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.287257294.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265822684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284586690.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284596659.000002176C62F000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.295471511.000002176C62B000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262052583.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: CapsuleFarmer.exe, 00000000.00000003.286319176.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.287257294.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265822684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284596659.000002176C62F000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289347089.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266301244.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.295471511.000002176C62B000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262052583.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: CapsuleFarmer.exe, 00000000.00000003.286319176.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.287257294.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265822684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264923212.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284586690.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284596659.000002176C62F000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289347089.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262052583.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: CapsuleFarmer.exe, 00000000.00000003.286319176.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.287257294.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265822684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264923212.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284586690.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284596659.000002176C62F000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262052583.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digif
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.startssl.com/ca00
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.startssl.com00
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.ws.symantec.com0k
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp1.wosign.com/ca104
Source: CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://report-example.test/test
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0k
Source: CapsuleFarmer.exeString found in binary or memory: http://schemas.mi
Source: CapsuleFarmer.exe, 00000009.00000002.378375763.0000026C1AB98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: CapsuleFarmer.exe, 00000009.00000002.377415439.0000026C18DC0000.00000004.00001000.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362848560.0000026C188F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: CapsuleFarmer.exe, 00000009.00000003.333409517.0000026C1A83D000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.dat
Source: CapsuleFarmer.exe, 00000009.00000003.333409517.0000026C1A83D000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.dat../../net/proxy_resolution/pac_file_decider.ccDoWaitDoQuickCheckFindProxyForURL
Source: CapsuleFarmer.exe, 00000009.00000003.333409517.0000026C1A83D000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.datgroupmax_ageinclude_subdomainsendpointsurlpriorityweight
Source: CapsuleFarmer.exe, 00000009.00000003.370208809.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362546678.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363950015.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370768565.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370431224.0000026C18978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: CapsuleFarmer.exe, 00000000.00000003.286319176.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.287257294.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265822684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264923212.000002176C632000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284586690.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.284596659.000002176C62F000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.295471511.000002176C62B000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262052583.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: CapsuleFarmer.exe, 00000009.00000003.371071096.0000026C18A52000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.369914017.0000026C18A45000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362017570.0000026C18A3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: CapsuleFarmer.exe, 00000009.00000003.370208809.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362546678.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363950015.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370768565.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370431224.0000026C18978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: CapsuleFarmer.exe, 00000009.00000002.378012209.0000026C1AA64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2004/em-rdf#
Source: CapsuleFarmer.exe, 00000009.00000003.370208809.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362546678.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363950015.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370768565.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370431224.0000026C18978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.startssl.com/policy0
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa0
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa0)
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
Source: CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.
Source: CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.ecified?c.value
Source: CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
Source: C:\Users\user\Desktop\CapsuleFarmer.exe Code function: String function: 00007FF78EC61CB0 appears 38 times
Source: C:\Users\user\Desktop\CapsuleFarmer.exe Code function: String function: 00007FF78EC61C50 appears 88 times
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: CapsuleFarmer.exe, 00000000.00000003.275458028.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.274920903.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.286319176.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.277910099.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.282685802.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.269546339.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.280508659.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.277526058.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.280968506.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.265822684.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.279709789.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.279282106.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.267554179.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.273703844.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.267946079.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.281484325.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.292507238.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.272843421.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.270551751.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.272422412.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.278900268.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.278353924.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.268449487.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.274514311.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.283158559.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.276248728.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.274088516.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.275848537.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.270104937.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.295471511.000002176C62B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.266673628.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.273254936.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.271472649.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.267074154.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.283957567.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.277080366.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.260496706.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.271949485.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.276659904.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.262052583.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.281940970.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_elementtree.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.270976911.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.280118572.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000000.00000003.269066503.000002176C626000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe Binary or memory string: OriginalFilename vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.385016176.00007FFC67075000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.384360231.00007FFC66CFA000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenamelibsslH vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.385057883.00007FFC72682000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.384199913.00007FFC66C3E000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.385193403.00007FFC73666000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.382058369.00007FFC60F55000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython310.dll. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.384133048.00007FFC66C2D000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_elementtree.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.383864082.00007FFC61431000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.384076484.00007FFC66BFD000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.383915730.00007FFC65E62000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.384946385.00007FFC67047000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.385244098.00007FFC74687000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs CapsuleFarmer.exe
Source: CapsuleFarmer.exe, 00000009.00000002.385112765.00007FFC72764000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs CapsuleFarmer.exe
Source: CapsuleFarmer.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\CapsuleFarmer.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exeSection loaded: symsrv.dllJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeProcess created: C:\Windows\System32\reg.exe reg query HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon /v version
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile read: C:\Users\user\Desktop\CapsuleFarmer.exeJump to behavior
Source: CapsuleFarmer.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\CapsuleFarmer.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\CapsuleFarmer.exe "C:\Users\user\Desktop\CapsuleFarmer.exe"
Source: C:\Users\user\Desktop\CapsuleFarmer.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\CapsuleFarmer.exeProcess created: C:\Users\user\Desktop\CapsuleFarmer.exe "C:\Users\user\Desktop\CapsuleFarmer.exe"
Source: C:\Users\user\Desktop\CapsuleFarmer.exeProcess created: C:\Windows\System32\reg.exe reg query HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon /v version
Source: C:\Users\user\Desktop\CapsuleFarmer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\CapsuleFarmer.exeProcess created: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe chromedriver --port=49747
Source: C:\Users\user\Desktop\CapsuleFarmer.exeProcess created: C:\Users\user\Desktop\CapsuleFarmer.exe "C:\Users\user\Desktop\CapsuleFarmer.exe" Jump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeProcess created: C:\Windows\System32\reg.exe reg query HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon /v versionJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeProcess created: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe chromedriver --port=49747Jump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122Jump to behavior
Source: classification engineClassification label: sus31.evad.winEXE@10/66@0/1
Source: CapsuleFarmer.exe, 00000009.00000003.333409517.0000026C1A83D000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: CapsuleFarmer.exe, 00000009.00000003.333409517.0000026C1A83D000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: C:\Users\user\Desktop\CapsuleFarmer.exeCode function: 0_2_00007FF78EC665D0 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF78EC665D0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6496:120:WilError_01
Source: CapsuleFarmer.exeString found in binary or memory: expected DOCUMENT-START or STREAM-END
Source: CapsuleFarmer.exeString found in binary or memory: expected STREAM-START
Source: CapsuleFarmer.exeString found in binary or memory: did not find expected <stream-start>
Source: CapsuleFarmer.exeString found in binary or memory: expected SCALAR, SEQUENCE-START, MAPPING-START, or ALIAS
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile opened: C:\Users\user\Desktop\pyvenv.cfgJump to behavior
Source: CapsuleFarmer.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: CapsuleFarmer.exeStatic file information: File size 7654945 > 1048576
Source: CapsuleFarmer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: CapsuleFarmer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: CapsuleFarmer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: CapsuleFarmer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: CapsuleFarmer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: CapsuleFarmer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: CapsuleFarmer.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.280118572.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.281484325.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_elementtree.pdb source: CapsuleFarmer.exe, 00000000.00000003.262652537.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.384111884.00007FFC66C24000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.269066503.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: CapsuleFarmer.exe, 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.272422412.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.267554179.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.276659904.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.279282106.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: CapsuleFarmer.exe, 00000000.00000003.264915526.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.385138564.00007FFC72B53000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.281940970.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: CapsuleFarmer.exe, 00000009.00000002.384973301.00007FFC6705D000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.270551751.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.277526058.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.275848537.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.278900268.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: CapsuleFarmer.exe, 00000000.00000003.260496706.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.385225705.00007FFC74681000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.267946079.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.273703844.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.266673628.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.268449487.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: CapsuleFarmer.exe, 00000009.00000002.384285507.00007FFC66CC5000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.278353924.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: CapsuleFarmer.exe, 00000009.00000002.384055551.00007FFC66BF2000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: CapsuleFarmer.exe, 00000000.00000003.265395705.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.383897082.00007FFC65E58000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.274514311.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: CapsuleFarmer.exe, 00000000.00000003.295471511.000002176C62B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: CapsuleFarmer.exe, 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.283158559.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: chromedriver.exe.pdb source: CapsuleFarmer.exe, 00000009.00000003.334673121.0000026C1B37D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: CapsuleFarmer.exe, 00000000.00000003.264453894.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: CapsuleFarmer.exe, 00000000.00000003.289334359.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.385178405.00007FFC73663000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.270104937.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: CapsuleFarmer.exe, 00000000.00000003.266276989.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.385098471.00007FFC72762000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.276248728.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: CapsuleFarmer.exe, 00000009.00000002.384285507.00007FFC66CC5000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python310.pdb source: CapsuleFarmer.exe, 00000009.00000002.381112719.00007FFC60E4E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: CapsuleFarmer.exe, 00000000.00000003.261504684.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.273254936.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: CapsuleFarmer.exe, 00000009.00000002.384752573.00007FFC66F4F000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.267074154.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.277910099.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.280508659.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.271949485.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: CapsuleFarmer.exe, 00000000.00000003.263159678.000002176C626000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.384183668.00007FFC66C36000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: CapsuleFarmer.exe, 00000000.00000003.274088516.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: CapsuleFarmer.exe, 00000009.00000002.384752573.00007FFC66F4F000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.272843421.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.283957567.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.274920903.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.277080366.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.275458028.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.269546339.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.280968506.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.271472649.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.270976911.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.279709789.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: CapsuleFarmer.exe, 00000009.00000002.384838475.00007FFC66FD1000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: CapsuleFarmer.exe, 00000000.00000003.282685802.000002176C626000.00000004.00000020.00020000.00000000.sdmp
Source: CapsuleFarmer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: CapsuleFarmer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: CapsuleFarmer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: CapsuleFarmer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: CapsuleFarmer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\CapsuleFarmer.exeCode function: 9_2_00007FFC60F8F25D push rdi; ret 9_2_00007FFC60F8F264
Source: CapsuleFarmer.exeStatic PE information: section name: _RDATA
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: python310.dll.0.drStatic PE information: section name: PyRuntim
Source: chromedriver.exe.9.drStatic PE information: section name: .00cfg
Source: chromedriver.exe.9.drStatic PE information: section name: .rodata
Source: chromedriver.exe.9.drStatic PE information: section name: .voltbl
Source: chromedriver.exe.9.drStatic PE information: section name: CPADinfo
Source: api-ms-win-core-console-l1-1-0.dll.0.drStatic PE information: 0xF9CDD9FE [Mon Oct 23 03:31:10 2102 UTC]
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\yaml\_yaml.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\select.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exeJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\ucrtbase.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\_elementtree.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64122\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\CapsuleFarmer.exeCode function: 0_2_00007FF78EC64710 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF78EC64710
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\CapsuleFarmer.exeAPI coverage: 6.6 %
Source: C:\Users\user\Desktop\CapsuleFarmer.exeCode function: 0_2_00007FF78EC765F8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF78EC765F8
Source: C:\Users\user\Desktop\CapsuleFarmer.exeCode function: 0_2_00007FF78EC66940 FindFirstFileExW,FindClose,0_2_00007FF78EC66940
Source: C:\Users\user\Desktop\CapsuleFarmer.exeCode function: 0_2_00007FF78EC80D64 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF78EC80D64
Source: C:\Users\user\Desktop\CapsuleFarmer.exeCode function: 9_2_00007FF78EC765F8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,9_2_00007FF78EC765F8
Source: C:\Users\user\Desktop\CapsuleFarmer.exeCode function: 9_2_00007FF78EC80D64 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,9_2_00007FF78EC80D64
Source: C:\Users\user\Desktop\CapsuleFarmer.exeCode function: 9_2_00007FF78EC66940 FindFirstFileExW,FindClose,9_2_00007FF78EC66940
Source: C:\Users\user\Desktop\CapsuleFarmer.exeCode function: 9_2_00007FFC60FD3290 FindFirstFileExW,FindNextFileW,FindClose,9_2_00007FFC60FD3290
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMnet
Source: CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: G../../net/url_request/url_request_context_getter.cc../../net/base/network_interfaces_win.ccWlanApiwlanapi.dllWlanOpenHandleWlanEnumInterfacesWlanQueryInterfaceWlanSetInterfaceWlanFreeMemoryWlanCloseHandleVMnetGetNetworkListGetAdaptersAddresses failed:
Source: CapsuleFarmer.exe, 00000009.00000003.305020027.0000026C188C1000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.365052361.0000026C1892B000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362496750.0000026C18902000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.375049085.0000026C1892E000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362766622.0000026C1892A000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362590565.0000026C18921000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.368776756.0000026C1892B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: CapsuleFarmer.exe, 00000009.00000003.305020027.0000026C188C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWl

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe | Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep (graph_18-5715)
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 0_2_00007FF78EC79F80 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 0_2_00007FF78EC82930 GetProcessHeap
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe | Code function: 18_2_0083AE26 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe | Code function: 18_2_0084DD2B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 0_2_00007FF78EC6A190 SetUnhandledExceptionFilter,_invalid_parameter_noinfo
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 0_2_00007FF78EC6A344 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 0_2_00007FF78EC6A95C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 0_2_00007FF78EC6AB04 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 9_2_00007FF78EC6A190 SetUnhandledExceptionFilter,_invalid_parameter_noinfo
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 9_2_00007FF78EC79F80 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 9_2_00007FF78EC6A344 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 9_2_00007FF78EC6A95C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 9_2_00007FF78EC6AB04 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 9_2_00007FFC60883240 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Code function: 9_2_00007FFC60883810 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe | Code function: 18_2_0083F670 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Process created: C:\Users\user\Desktop\CapsuleFarmer.exe "C:\Users\user\Desktop\CapsuleFarmer.exe"
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Process created: C:\Windows\System32\reg.exe reg query HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon /v version
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Process created: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe chromedriver --port=49747
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\certifi VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\selenium VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\selenium\webdriver VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\selenium\webdriver\common VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\selenium\webdriver\common\devtools VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\selenium\webdriver\remote VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122 VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\_uuid.pyd VolumeInformation
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\_elementtree.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\pyexpat.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\yaml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\yaml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\yaml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\yaml\_yaml.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\yaml VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\Desktop\CapsuleFarmer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CapsuleFarmer.exe Code function: GetPrimaryLen,EnumSystemLocalesW,9_2_00007FFC60FCF3D4
Source: C:\Users\user\Desktop\CapsuleFarmer.exe Code function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,9_2_00007FFC60FCD2F0
Source: C:\Users\user\Desktop\CapsuleFarmer.exe Code function: EnumSystemLocalesW,9_2_00007FFC60FCF36C
Source: C:\Users\user\Desktop\CapsuleFarmer.exe Code function: GetProcAddress,GetLocaleInfoW,9_2_00007FFC60F7D5C0
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: EnumSystemLocalesW,18_2_0084FA93
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: GetLocaleInfoW,18_2_008500BD
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: EnumSystemLocalesW,18_2_0084FEC5
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: EnumSystemLocalesW,18_2_0084C0ED
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,18_2_0084F83D
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: EnumSystemLocalesW,18_2_0084FD83
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,18_2_0084FFB7
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: GetLocaleInfoW,18_2_0084FDF0
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: GetLocaleInfoW,18_2_0084FF10
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,18_2_0084FB30
Source: C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe Code function: GetLocaleInfoW,18_2_0084BB6C
Source: C:\Users\user\Desktop\CapsuleFarmer.exe Code function: 0_2_00007FF78EC88950 cpuid 0_2_00007FF78EC88950
Source: C:\Users\user\Desktop\CapsuleFarmer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\CapsuleFarmer.exe Code function: 0_2_00007FF78EC6A840 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF78EC6A840
Source: C:\Users\user\Desktop\CapsuleFarmer.exe Code function: 0_2_00007FF78EC84DC8 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF78EC84DC8
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Timestomp | Cached Domain Credentials | 33 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
Behavior Graph (ID: 658201; Sample: CapsuleFarmer.bin; Startdate: 06/07/2022; Architecture: WINDOWS; Score: 31)
  CapsuleFarmer.exe
    dropped: C:\Users\user\...\_yaml.cp310-win_amd64.pyd (PE32+); C:\Users\user\AppData\...\unicodedata.pyd (PE32+); C:\Users\user\AppData\Local\...\ucrtbase.dll (PE32+); 53 other files (none is malicious)
    started: CapsuleFarmer.exe; conhost.exe
  CapsuleFarmer.exe (child process)
    DNS/IP: 127.0.0.1 (unknown, unknown)
    dropped: C:\Users\user\AppData\...\chromedriver.exe (PE32)
    started: chromedriver.exe; reg.exe; cmd.exe
  chromedriver.exe
    signature: Found API chain indicative of debugger detection

| Source | Detection | Scanner | Label |
|---|---|---|---|
| CapsuleFarmer.exe | 3% | Virustotal | |
| CapsuleFarmer.exe | 0% | ReversingLabs | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI64122\VCRUNTIME140.dll | 0% | Metadefender | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\VCRUNTIME140.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_bz2.pyd | 0% | Metadefender | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_bz2.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_decimal.pyd | 0% | Metadefender | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_decimal.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_elementtree.pyd | 0% | Metadefender | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_elementtree.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_hashlib.pyd | 0% | Metadefender | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_hashlib.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_lzma.pyd | 0% | Metadefender | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_lzma.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_queue.pyd | 0% | Metadefender | |
| C:\Users\user\AppData\Local\Temp\_MEI64122\_queue.pyd | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                              • URL Reputation: safe
                                              unknown
                                              https://matteomarescotti.report-uri.com/r/d/ct/reportOnlyCapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://github.com/SeleniumHQ/selenium/wiki/DesiredCapabilitiesCapsuleFarmer.exe, 00000009.00000003.368848110.0000026C18908000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.310192348.0000026C18AAF000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370595059.0000026C18909000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.305020027.0000026C188C1000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334933785.0000026C18AAD000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.372461004.0000026C1890A000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362496750.0000026C18902000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.375693384.0000026C18AB5000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.315793249.0000026C18AAB000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362162033.0000026C18AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://lolesports.com/live/lck_challengers_leaguezCapsuleFarmer.exe, 00000009.00000003.363273901.0000026C18675000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362383714.0000026C18673000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.374662362.0000026C18675000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://dns.quad9.net/dns-queryCapsuleFarmer.exe, 00000009.00000003.329598316.0000026C1A790000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://www.symauth.com/cps0(CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://127.0.0.1:%s/statusCapsuleFarmer.exe, 00000009.00000002.376143254.0000026C18BC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    low
                                                    http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535CapsuleFarmer.exe, 00000009.00000003.369853280.0000026C18A89000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.367282155.0000026C18A7E000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363648115.0000026C18A72000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363665084.0000026C17DFD000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362045592.0000026C18A72000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363906089.0000026C18A7B000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362245678.0000026C17DFD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syCapsuleFarmer.exe, 00000009.00000003.302163015.0000026C17DF2000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.302180879.0000026C17DFF000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.301845928.0000026C17DFF000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.367164203.0000026C17DFD000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363665084.0000026C17DFD000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.373799290.0000026C17DE9000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.371334167.0000026C17DE6000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.301975748.0000026C17DFF000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362203583.0000026C17DDD000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370799467.0000026C17DE5000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362245678.0000026C17DFD000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.301965144.0000026C17DF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://doh.dns.sb/dns-query?no_ecs=trueCapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only#CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          http://report-example.test/testCapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://www.symauth.com/rpa0)CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-queryCapsuleFarmer.exe, 00000009.00000003.329598316.0000026C1A790000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://odvr.nic.cz/dohodvr.nic.cz185.43.135.12001:148f:fffe::1$CapsuleFarmer.exe, 00000009.00000003.329598316.0000026C1A790000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://chromedriver.chromium.org/homeCapsuleFarmer.exe, 00000009.00000002.378012209.0000026C1AA64000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                high
                                                                http://tools.ietf.org/html/rfc6125#section-6.4.3CapsuleFarmer.exe, 00000009.00000002.377415439.0000026C18DC0000.00000004.00001000.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362848560.0000026C188F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://www.symauth.com/rpa00CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://public.dns.iij.jp/dns-queryCapsuleFarmer.exe, 00000009.00000003.329598316.0000026C1A790000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://schemas.xmlsoap.org/wsdl/CapsuleFarmer.exe, 00000009.00000002.378375763.0000026C1AB98000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://aia.startssl.com/certs/ca.crt02CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyCapsuleFarmer.exe, 00000009.00000003.301965144.0000026C17DF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmCapsuleFarmer.exe, 00000009.00000003.370208809.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362546678.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363950015.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370768565.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370431224.0000026C18978000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11CapsuleFarmer.exe, 00000009.00000003.329598316.0000026C1A790000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://google.com/CapsuleFarmer.exe, 00000009.00000003.362590565.0000026C18921000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370391417.0000026C1894E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://html4/loose.dtdCapsuleFarmer.exe, 00000009.00000003.333409517.0000026C1A83D000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            low
                                                                            https://mahler:8092/site-updates.pyCapsuleFarmer.exe, 00000009.00000003.310218201.0000026C1A6A5000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362972091.0000026C1A6A2000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.377706721.0000026C1A6CE000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.367636933.0000026C1A6A2000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.310286166.0000026C1A6AA000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362309602.0000026C1A6A2000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.372098079.0000026C1A6CD000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.369725690.0000026C1A6A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            low
                                                                            http://schemas.miCapsuleFarmer.exefalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://lolesports.com/live/lck/lckCapsuleFarmer.exe, 00000009.00000002.375760569.0000026C18AC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://127.0.0.1:4444CapsuleFarmer.exe, 00000009.00000002.376143254.0000026C18BC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocolCapsuleFarmer.exe, 00000009.00000003.368848110.0000026C18908000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.310192348.0000026C18AAF000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370595059.0000026C18909000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.305020027.0000026C188C1000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.375760569.0000026C18AC0000.00000004.00001000.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.376143254.0000026C18BC0000.00000004.00001000.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.377415439.0000026C18DC0000.00000004.00001000.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334933785.0000026C18AAD000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.372461004.0000026C1890A000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362496750.0000026C18902000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.375693384.0000026C18AB5000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.315793249.0000026C18AAB000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362162033.0000026C18AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.python.org/download/releases/2.3/mro/.CapsuleFarmer.exe, 00000009.00000002.373941920.0000026C17F10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyCapsuleFarmer.exe, 00000009.00000002.377141947.0000026C18CC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://dns.switch.ch/dns-querydns.switch.ch130.59.31.251130.59.31.2482001:620:0:ff::22001:620:0:ff:CapsuleFarmer.exe, 00000009.00000003.329598316.0000026C1A790000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://ocsp.digifCapsuleFarmer.exe, 00000000.00000003.285546633.000002176C626000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://clients3.google.com/cert_upload_jsonCapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://chromedevtools.github.io/devtools-protocol/CapsuleFarmer.exe, 00000009.00000003.363109189.0000026C18A9E000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.361841793.0000026C18A9E000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.315750133.0000026C18A9E000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.310213772.0000026C18A9E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://github.com/urllib3/urllib3/issues/497CapsuleFarmer.exe, 00000009.00000002.376143254.0000026C18BC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://dns.google/dns-queryCapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://.cssCapsuleFarmer.exe, 00000009.00000003.333409517.0000026C1A83D000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          low
                                                                                          https://w3c.github.io/webdriver/#timeoutsCapsuleFarmer.exe, 00000009.00000002.378012209.0000026C1AA64000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/CloudflareCapsuleFarmer.exe, 00000009.00000003.329598316.0000026C1A790000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.w3.CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://yahoo.com/CapsuleFarmer.exe, 00000009.00000003.362945766.0000026C1A66E000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362496750.0000026C18902000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362287850.0000026C1A66C000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.375028343.0000026C18925000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.372931902.0000026C18923000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.361857119.0000026C1A667000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362590565.0000026C18921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://w3c.github.io/webdriver/#dfn-platform-nameCapsuleFarmer.exe, 00000009.00000002.377141947.0000026C18CC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6CapsuleFarmer.exe, 00000009.00000003.371071096.0000026C18A52000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.369914017.0000026C18A45000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362017570.0000026C18A3D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://chromedriver.chromium.org/security-considerationsCapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://www.wosign.com/policy/0CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://developers.google.com/speed/public-dns/privacyCapsuleFarmer.exe, 00000009.00000003.329598316.0000026C1A790000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://w3c.github.io/html/sec-forms.html#multipart-form-dataCapsuleFarmer.exe, 00000009.00000003.370264789.0000026C185D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://www.iana.org/time-zones/repository/tz-link.htmlCapsuleFarmer.exe, 00000009.00000003.370208809.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362546678.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.363950015.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370768565.0000026C18978000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.370431224.0000026C18978000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.w3.oCapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningspCapsuleFarmer.exe, 00000009.00000002.376143254.0000026C18BC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://lolesports.com/live/lck_challengers_league/lckclz#https://lolesports.com/live/lpl/lplz#httpsCapsuleFarmer.exe, 00000009.00000003.363273901.0000026C18675000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362383714.0000026C18673000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.374662362.0000026C18675000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.quad9.net/home/privacy/Quad9CapsuleFarmer.exe, 00000009.00000003.329598316.0000026C1A790000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
http://www.symauth.com/rpa0
Source:CapsuleFarmer.exe, 00000009.00000003.333550150.0000026C1A929000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Reputation:high

http://wpad/wpad.dat../../net/proxy_resolution/pac_file_decider.ccDoWaitDoQuickCheckFindProxyForURL
Source:CapsuleFarmer.exe, 00000009.00000003.333409517.0000026C1A83D000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
• Avira URL Cloud: safe
Reputation:low

http://.jpg
Source:CapsuleFarmer.exe, 00000009.00000003.333409517.0000026C1A83D000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.334580835.0000026C1B2B3000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
• Avira URL Cloud: safe
Reputation:low

https://lolesports.com/live/lpl/lpl
Source:CapsuleFarmer.exe, 00000009.00000002.375760569.0000026C18AC0000.00000004.00001000.00020000.00000000.sdmp
Malicious:false
Reputation:high

https://w3c.github.io/webdriver/#dfn-strict-file-interactability
Source:CapsuleFarmer.exe, 00000009.00000002.376143254.0000026C18BC0000.00000004.00001000.00020000.00000000.sdmp
Malicious:false
• Avira URL Cloud: safe
Reputation:unknown

https://w3c.github.io/webdriver/#dfn-table-of-page-load-strategies
Source:CapsuleFarmer.exe, 00000009.00000002.376143254.0000026C18BC0000.00000004.00001000.00020000.00000000.sdmp
Malicious:false
• Avira URL Cloud: safe
Reputation:unknown

https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10
Source:CapsuleFarmer.exe, 00000009.00000003.329598316.0000026C1A790000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.328030783.0000026C1A921000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
• Avira URL Cloud: safe
Reputation:unknown

https://lolesports.com/live/lcsz
Source:CapsuleFarmer.exe, 00000009.00000003.363273901.0000026C18675000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000003.362383714.0000026C18673000.00000004.00000020.00020000.00000000.sdmp, CapsuleFarmer.exe, 00000009.00000002.374662362.0000026C18675000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Reputation:high
IP  Domain  Country  Flag  ASN  ASN Name  Malicious
                                                                                                                    IP
                                                                                                                    127.0.0.1
                                                                                                                    Joe Sandbox Version:35.0.0 Citrine
                                                                                                                    Analysis ID:658201
Start date and time:2022-07-06 17:22:15 +02:00
                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                    Overall analysis duration:0h 10m 20s
                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                    Report type:full
                                                                                                                    Sample file name:CapsuleFarmer.bin (renamed file extension from bin to exe)
                                                                                                                    Cookbook file name:default.jbs
                                                                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:29
                                                                                                                    Number of new started drivers analysed:0
                                                                                                                    Number of existing processes analysed:0
                                                                                                                    Number of existing drivers analysed:0
                                                                                                                    Number of injected processes analysed:0
                                                                                                                    Technologies:
                                                                                                                    • HCA enabled
                                                                                                                    • EGA enabled
                                                                                                                    • HDC enabled
                                                                                                                    • AMSI enabled
                                                                                                                    Analysis Mode:default
                                                                                                                    Analysis stop reason:Timeout
                                                                                                                    Detection:SUS
                                                                                                                    Classification:sus31.evad.winEXE@10/66@0/1
                                                                                                                    EGA Information:
                                                                                                                    • Successful, ratio: 100%
                                                                                                                    HDC Information:
                                                                                                                    • Successful, ratio: 14.4% (good quality ratio 11.7%)
                                                                                                                    • Quality average: 59.7%
                                                                                                                    • Quality standard deviation: 36.6%
                                                                                                                    HCA Information:Failed
                                                                                                                    Cookbook Comments:
                                                                                                                    • Adjust boot time
                                                                                                                    • Enable AMSI
                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                    • Excluded IPs from analysis (whitelisted): 172.217.168.80
                                                                                                                    • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, fs.microsoft.com, chromedriver.storage.googleapis.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                    No simulations
                                                                                                                    No context
Match:C:\Users\user\AppData\Local\Temp\_MEI64122\VCRUNTIME140.dll
Associated Sample Name / URL, Detection:
• checker_no_login.exe, Detection: malicious
• n.exe, Detection: malicious
• nuker.exe.exe, Detection: malicious
• silent_vira.exe, Detection: malicious
• silent_vira.exe, Detection: malicious
• football.exe, Detection: malicious
• ShieldGenerator.exe, Detection: malicious
• 2FcW2nJG57.exe, Detection: malicious
• GetFans.exe, Detection: malicious
• Nitro_Generator.exe, Detection: malicious
• Eth_Pay.exe, Detection: malicious
• HOW_TO_NFT.pdf.exe, Detection: malicious
• Setup.exe, Detection: malicious
• BlueScreen.exe, Detection: malicious
• Redline-Stealer-main.exe, Detection: malicious
• Xsploit.exe, Detection: malicious
• main.exe, Detection: malicious
• ViperCracker.exe, Detection: malicious
• PacManV1.1.exe, Detection: malicious
• nitro-sniper.exe, Detection: malicious
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):97168
                                                                                                                                                            Entropy (8bit):6.424686954579329
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
                                                                                                                                                            MD5:A87575E7CF8967E481241F13940EE4F7
                                                                                                                                                            SHA1:879098B8A353A39E16C79E6479195D43CE98629E
                                                                                                                                                            SHA-256:DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
                                                                                                                                                            SHA-512:E112F267AE4C9A592D0DD2A19B50187EB13E25F23DED74C2E6CCDE458BCDAEE99F4E3E0A00BAF0E3362167AE7B7FE4F96ECBCD265CC584C1C3A4D1AC316E92F0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Joe Sandbox View:
• Filename: checker_no_login.exe, Detection: malicious
• Filename: n.exe, Detection: malicious
• Filename: nuker.exe.exe, Detection: malicious
• Filename: silent_vira.exe, Detection: malicious
• Filename: silent_vira.exe, Detection: malicious
• Filename: football.exe, Detection: malicious
• Filename: ShieldGenerator.exe, Detection: malicious
• Filename: 2FcW2nJG57.exe, Detection: malicious
• Filename: GetFans.exe, Detection: malicious
• Filename: Nitro_Generator.exe, Detection: malicious
• Filename: Eth_Pay.exe, Detection: malicious
• Filename: HOW_TO_NFT.pdf.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: BlueScreen.exe, Detection: malicious
• Filename: Redline-Stealer-main.exe, Detection: malicious
• Filename: Xsploit.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: ViperCracker.exe, Detection: malicious
• Filename: PacManV1.1.exe, Detection: malicious
• Filename: nitro-sniper.exe, Detection: malicious
                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):79824
                                                                                                                                                            Entropy (8bit):6.491046686623371
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:szXz7Bgrj7FUHfuwttm8ebvwyBIMtVk7SyNU:oXzVMFOfuIRebvwyBIMtVk8
                                                                                                                                                            MD5:A1FBCFBD82DE566A6C99D1A7AB2D8A69
                                                                                                                                                            SHA1:3E8BA4C925C07F17C7DFFAB8FBB7B8B8863CAD76
                                                                                                                                                            SHA-256:0897E209676F5835F62E5985D7793C884FD91B0CFDFAFF893FC05176F2F82095
                                                                                                                                                            SHA-512:55679427C041B2311CFF4E97672102962F9D831E84F06F05600ECDC3826F6BE5046AA541955F57F06E82EE72A4EE36F086DA1F664F493FBE4CC0806E925AFA04
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):248272
                                                                                                                                                            Entropy (8bit):6.520017293014889
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:mqdhOW8XTMJQ3cWvod/fCVJya9qWMa3pLW1A1/h84nHvX:nOW8wJN9R0QgznPX
                                                                                                                                                            MD5:09BE0CAF0E2BD7BEA37A27527CB13C2E
                                                                                                                                                            SHA1:E543B614B3D008514979697A458B6D075B62E037
                                                                                                                                                            SHA-256:2673B0EC0769C2513CFB63D72CBFADD3DD43963D30DDC368C6232DAB1F607EE1
                                                                                                                                                            SHA-512:5B98FB115E40A03B67A24CB18B2C2549EFE8E15E7C1674D00307453EC0550D340CF4EA5BC4EEE856ACFA53BFD0F138D5CAE771399DB444091F3B8D2EEA6C4CFB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):124368
                                                                                                                                                            Entropy (8bit):6.323194685073362
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:jd58ohq7BSOEpSHOIS+CgSenCODxr9MJ8MJTMJ4MJZnH750kYEuxIM1f/+:jo7BSOAjIS+yEVD997IDkb50Ou6
                                                                                                                                                            MD5:74141475205188B2B2E0E0366BFD7245
                                                                                                                                                            SHA1:2B1221EBF629565769239596D1266DBE9794DF77
                                                                                                                                                            SHA-256:5C5037F6896F83E0F4CA55EFB8557227C02A1097BB4338BC579785609FEF7FE3
                                                                                                                                                            SHA-512:801530A7F4A9977111E8F482883B9B8374D6B6D16972B42870ADD02331BF8D8E26C5734D578CC81A17BE77223D2D871B09818943DD8E507A349FE27C296A54DC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):60880
                                                                                                                                                            Entropy (8bit):6.063310063277386
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:8nvx+iVPY7S+NbM2S2uoU1lyZjWv4so5IM5IkzrYiSyvchym:FWPYW+Nbs2uP1UZjWv1o5IM5I4r7Syrm
                                                                                                                                                            MD5:AD6E31DBA413BE7E082FAB3DBAFB3ECC
                                                                                                                                                            SHA1:F26886C841D1C61FB0DA14E20E57E7202EEFBACC
                                                                                                                                                            SHA-256:2E30544D07F1C55D741B03992EA57D1AA519EDAAA121E889F301A5B8B6557FE4
                                                                                                                                                            SHA-512:6401664E5C942D98C6FA955CC2424DFA0C973BD0AC1E515F7640C975BBA366AF1B3E403EA50E753F837DCD82A04AF2CE043E22B15FA9976AF7CBB30B3AC80452
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):154064
                                                                                                                                                            Entropy (8bit):6.806339070341912
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:rD6xBrqs+vs0H0q8bnpbVZbXsAI0znfo9mNoJ5vSpxpBIMe19cc:rD63rcRLCV+qwYOJ50Pk
                                                                                                                                                            MD5:A6BEE109071BBCF24E4D82498D376F82
                                                                                                                                                            SHA1:1BABACDFAA60E39E21602908047219D111ED8657
                                                                                                                                                            SHA-256:CE72D59A0E96077C9EA3F1FD7B011287248DC8D80FD3C16916A1D9040A9A941F
                                                                                                                                                            SHA-512:8CB2DAFD19F212E71FA32CB74DAD303AF68EAA77A63CCF6D3A6AE82E09AC988F71FE82F8F2858A9C616B06DC42023203FA9F7511FAC32023BE0BC8392272C336
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):27600
                                                                                                                                                            Entropy (8bit):6.257072196493869
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:vfqkQfdUCUFYS9F6Xg6rEGSSVYptTDbFIM7UoIYiSy1pCQW3hL8:sdUC+F6rEGSSVYTFIM7UxYiSyvQho
                                                                                                                                                            MD5:8DD33FE76645636520C5D976B8A2B6FC
                                                                                                                                                            SHA1:12988DDD52CBB0CE0F3B96CE19A1827B237ED5F7
                                                                                                                                                            SHA-256:8E7E758150EA066299A956F268C3EB04BC800E9F3395402CD407C486844A9595
                                                                                                                                                            SHA-512:E7B4B5662EBD8EFB2E4B6F47EB2021AFACD52B100DB2DF66331CA79A4FB2149CAC621D5F18AB8AB9CFADBD677274DB798EBAD9B1D3E46E29F4C92828FD88C187
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):75216
                                                                                                                                                            Entropy (8bit):6.144161991303721
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:0mtvsZWgzruIAl9/s+S+pByXc/+lvFIMQwY7Sy3:z5IJzrAl9/sT+pB8c/SvFIMQwYJ
                                                                                                                                                            MD5:C5378BAC8C03D7EF46305EE8394560F5
                                                                                                                                                            SHA1:2AA7BC90C0EC4D21113B8AA6709569D59FADD329
                                                                                                                                                            SHA-256:130DE3506471878031AECC4C9D38355A4719EDD3786F27262A724EFC287A47B9
                                                                                                                                                            SHA-512:1ECB88C62A9DAAD93EC85F137440E782DCC40D7F1598B5809AB41BF86A5C97224E2361C0E738C1387C6376F2F24D284583FD001C4E1324D72D6989D0B84BF856
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):156624
                                                                                                                                                            Entropy (8bit):5.946961436538374
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:l9Y1GpXg28PqCBWZxVkc85nu9ekFc8j8V+AOXLkdWXxZIIkjIIBIMt7LU:l9Y0BgdqCETavu9L6V+RrIo
                                                                                                                                                            MD5:9D810454BC451FF440EC95DE36088909
                                                                                                                                                            SHA1:8C890B934A2D84C548A09461CA1E783810F075BE
                                                                                                                                                            SHA-256:5A4C78ADEDF0BCB5FC422FAAC619B4C7B57E3D7BA4F2D47A98C1FB81A503B6B7
                                                                                                                                                            SHA-512:0800666F848FAEC976366DBFD2C65E7B7E1D8375D5D9E7D019BF364A1F480216C271C3BCF994DBAB19290D336CF691CD8235E636F3DBC4D2A77F4760871C19ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):21456
                                                                                                                                                            Entropy (8bit):6.2652192437662
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:VvEaNKFDyRTxXK5BIMewkHIYiSy1pCQ1DvfehLC:VTNK4R9XK5BIMewHYiSyv1mhm
                                                                                                                                                            MD5:6CFC03BC247A7B8C3C38F1841319F348
                                                                                                                                                            SHA1:C28CF20C3E1839CFF5DCE35A9FFD20AA4AC2A2CF
                                                                                                                                                            SHA-256:B7FD172339478ADAA5F4060EB760F905A2AF55CE7E017B57DE61EE09DCB09750
                                                                                                                                                            SHA-512:BD123566A104568E2EC407B35446CB07C660035A77A1E11A8D8D90518C1A83B6815BF694676FA003B074126DCD0594457195F835DF7BC828DF1195DB6584D23B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12240
                                                                                                                                                            Entropy (8bit):6.608323768366966
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:KFOWWthWzWf9BvVVWQ4mWqyVT/gqnajKsrCS81:uZWthWeN01IlGsrCt
                                                                                                                                                            MD5:07EBE4D5CEF3301CCF07430F4C3E32D8
                                                                                                                                                            SHA1:3B878B2B2720915773F16DBA6D493DAB0680AC5F
                                                                                                                                                            SHA-256:8F8B79150E850ACC92FD6AAB614F6E3759BEA875134A62087D5DD65581E3001F
                                                                                                                                                            SHA-512:6C7E4DF62EBAE9934B698F231CF51F54743CF3303CD758573D00F872B8ECC2AF1F556B094503AAE91100189C0D0A93EAF1B7CAFEC677F384A1D7B4FDA2EEE598
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11736
                                                                                                                                                            Entropy (8bit):6.6074868843808785
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:PUWthW6Wf9BvVVWQ4SWZifvXqnajJ6HNbLet:MWthW3NhXll6HZm
                                                                                                                                                            MD5:557405C47613DE66B111D0E2B01F2FDB
                                                                                                                                                            SHA1:DE116ED5DE1FFAA900732709E5E4EEF921EAD63C
                                                                                                                                                            SHA-256:913EAAA7997A6AEE53574CFFB83F9C9C1700B1D8B46744A5E12D76A1E53376FD
                                                                                                                                                            SHA-512:C2B326F555B2B7ACB7849402AC85922880105857C616EF98F7FB4BBBDC2CD7F2AF010F4A747875646FCC272AB8AA4CE290B6E09A9896CE1587E638502BD4BEFB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11728
                                                                                                                                                            Entropy (8bit):6.622854484071805
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:tlWthWFWf9BvVVWQ4mWIzWLiP+CjAWqnajKsNb7:/WthWANnWLiP+CcWlGsNb7
                                                                                                                                                            MD5:624401F31A706B1AE2245EB19264DC7F
                                                                                                                                                            SHA1:8D9DEF3750C18DDFC044D5568E3406D5D0FB9285
                                                                                                                                                            SHA-256:58A8D69DF60ECBEE776CD9A74B2A32B14BF2B0BD92D527EC5F19502A0D3EB8E9
                                                                                                                                                            SHA-512:3353734B556D6EEBC57734827450CE3B34D010E0C033E95A6E60800C0FDA79A1958EBF9053F12054026525D95D24EEC541633186F00F162475CEC19F07A0D817
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11728
                                                                                                                                                            Entropy (8bit):6.670771733256744
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:1mxD3+HWthWiWf9BvVVWQ4WWuhD7DiqnajKswz3:19HWthWfN/GlGswz3
                                                                                                                                                            MD5:2DB5666D3600A4ABCE86BE0099C6B881
                                                                                                                                                            SHA1:63D5DDA4CEC0076884BC678C691BDD2A4FA1D906
                                                                                                                                                            SHA-256:46079C0A1B660FC187AAFD760707F369D0B60D424D878C57685545A3FCE95819
                                                                                                                                                            SHA-512:7C6E1E022DB4217A85A4012C8E4DAEE0A0F987E4FBA8A4C952424EF28E250BAC38B088C242D72B4641157B7CC882161AEFA177765A2E23AFCDC627188A084345
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):15328
                                                                                                                                                            Entropy (8bit):6.561472518225768
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:RaNYPvVX8rFTsoWthWgWf9BvVVWQ4SWfMaPOoI80Hy5qnajslBE87QyX:HPvVXqWthWlN2WlslEE87Qw
                                                                                                                                                            MD5:0F7D418C05128246AFA335A1FB400CB9
                                                                                                                                                            SHA1:F6313E371ED5A1DFFE35815CC5D25981184D0368
                                                                                                                                                            SHA-256:5C9BC70586AD538B0DF1FCF5D6F1F3527450AE16935AA34BD7EB494B4F1B2DB9
                                                                                                                                                            SHA-512:7555D9D3311C8622DF6782748C2186A3738C4807FC58DF2F75E539729FC4069DB23739F391950303F12E0D25DF9F065B4C52E13B2EBB6D417CA4C12CFDECA631
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11728
                                                                                                                                                            Entropy (8bit):6.638884356866373
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:jlWaWthWAWf9BvVVWQ4WWloprVP+CjAWqnajKsNWqL:jIaWthWFNxtVP+CcWlGsNxL
                                                                                                                                                            MD5:5A72A803DF2B425D5AAFF21F0F064011
                                                                                                                                                            SHA1:4B31963D981C07A7AB2A0D1A706067C539C55EC5
                                                                                                                                                            SHA-256:629E52BA4E2DCA91B10EF7729A1722888E01284EED7DDA6030D0A1EC46C94086
                                                                                                                                                            SHA-512:BF44997C405C2BA80100EB0F2FF7304938FC69E4D7AE3EAC52B3C236C3188E80C9F18BDA226B5F4FDE0112320E74C198AD985F9FFD7CEA99ACA22980C39C7F69
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11744
                                                                                                                                                            Entropy (8bit):6.744400973311854
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:imdzvQzEWthWwMVDEs3f0DHDsVBIwgmqvrnDD0ADEs3TDL2L4m2grMWaLN5DEs3r:v3WthWyWf9BvVVWQ4SWVVFJqqnajW2y
                                                                                                                                                            MD5:721B60B85094851C06D572F0BD5D88CD
                                                                                                                                                            SHA1:4D0EE4D717AEB9C35DA8621A545D3E2B9F19B4E7
                                                                                                                                                            SHA-256:DAC867476CAA42FF8DF8F5DFE869FFD56A18DADEE17D47889AFB69ED6519AFBF
                                                                                                                                                            SHA-512:430A91FCECDE4C8CC4AC7EB9B4C6619243AB244EE88C34C9E93CA918E54BD42B08ACA8EA4475D4C0F5FA95241E4AACB3206CBAE863E92D15528C8E7C9F45601B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11736
                                                                                                                                                            Entropy (8bit):6.638488013343178
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:frWthWFWf9BvVVWQ4SWNOfvXqnajJ6H4WJ:frWthWANRXll6H4WJ
                                                                                                                                                            MD5:D1DF480505F2D23C0B5C53DF2E0E2A1A
                                                                                                                                                            SHA1:207DB9568AFD273E864B05C87282987E7E81D0BA
                                                                                                                                                            SHA-256:0B3DFB8554EAD94D5DA7859A12DB353942406F9D1DFE3FAC3D48663C233EA99D
                                                                                                                                                            SHA-512:F14239420F5DD84A15FF5FCA2FAD81D0AA9280C566FA581122A018E10EBDF308AC0BF1D3FCFC08634C1058C395C767130C5ABCA55540295C68DF24FFD931CA0A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12256
                                                                                                                                                            Entropy (8bit):6.588267640761022
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:txlkWthW2Wf9BvVVWQ4SWBBBuUgxfzfqnaj0OTWv:txlkWthW7NkIrloFv
                                                                                                                                                            MD5:73433EBFC9A47ED16EA544DDD308EAF8
                                                                                                                                                            SHA1:AC1DA1378DD79762C6619C9A63FD1EBE4D360C6F
                                                                                                                                                            SHA-256:C43075B1D2386A8A262DE628C93A65350E52EAE82582B27F879708364B978E29
                                                                                                                                                            SHA-512:1C28CC0D3D02D4C308A86E9D0BC2DA88333DFA8C92305EC706F3E389F7BB6D15053040AFD1C4F0AA3383F3549495343A537D09FE882DB6ED12B7507115E5A263
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11728
                                                                                                                                                            Entropy (8bit):6.678828474114903
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:4TWthWckWf9BvVVWQ4mWQAyUD7DiqnajKswzjdg:4TWthWcRNqGlGswzji
                                                                                                                                                            MD5:7C7B61FFA29209B13D2506418746780B
                                                                                                                                                            SHA1:08F3A819B5229734D98D58291BE4BFA0BEC8F761
                                                                                                                                                            SHA-256:C23FE8D5C3CA89189D11EC8DF983CC144D168CB54D9EAB5D9532767BCB2F1FA3
                                                                                                                                                            SHA-512:6E5E3485D980E7E2824665CBFE4F1619B3E61CE3BCBF103979532E2B1C3D22C89F65BCFBDDBB5FE88CDDD096F8FD72D498E8EE35C3C2307BACECC6DEBBC1C97F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12752
                                                                                                                                                            Entropy (8bit):6.602852377056617
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:Us13vuBL3B5LoWthW7Wf9BvVVWQ4mWgB7OQP+CjAWqnajKsN9arO:Us13vuBL3B2WthWmNVXP+CcWlGsN9P
                                                                                                                                                            MD5:6D0550D3A64BD3FD1D1B739133EFB133
                                                                                                                                                            SHA1:C7596FDE7EA1C676F0CC679CED8BA810D15A4AFE
                                                                                                                                                            SHA-256:F320F9C0463DE641B396CE7561AF995DE32211E144407828B117088CF289DF91
                                                                                                                                                            SHA-512:5DA9D490EF54A1129C94CE51349399B9012FC0D4B575AE6C9F1BAFCFCF7F65266F797C539489F882D4AD924C94428B72F5137009A851ECB541FE7FB9DE12FEB2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14800
                                                                                                                                                            Entropy (8bit):6.528059454770997
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:On2OMw3zdp3bwjGfue9/0jCRrndbZWWthWdNHhfVlGsSH:/OMwBprwjGfue9/0jCRrndbLEKv
                                                                                                                                                            MD5:1ED0B196AB58EDB58FCF84E1739C63CE
                                                                                                                                                            SHA1:AC7D6C77629BDEE1DF7E380CC9559E09D51D75B7
                                                                                                                                                            SHA-256:8664222823E122FCA724620FD8B72187FC5336C737D891D3CEF85F4F533B8DE2
                                                                                                                                                            SHA-512:E1FA7F14F39C97AAA3104F3E13098626B5F7CFD665BA52DCB2312A329639AAF5083A9177E4686D11C4213E28ACC40E2C027988074B6CC13C5016D5C5E9EF897B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12240
                                                                                                                                                            Entropy (8bit):6.659218747104705
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:2E+tWthWvWf9BvVVWQ4mWxHD7DiqnajKswzGIAf:T+tWthWiNcGlGswzLAf
                                                                                                                                                            MD5:721BAEA26A27134792C5CCC613F212B2
                                                                                                                                                            SHA1:2A27DCD2436DF656A8264A949D9CE00EAB4E35E8
                                                                                                                                                            SHA-256:5D9767D8CCA0FBFD5801BFF2E0C2ADDDD1BAAAA8175543625609ABCE1A9257BD
                                                                                                                                                            SHA-512:9FD6058407AA95058ED2FDA9D391B7A35FA99395EC719B83C5116E91C9B448A6D853ECC731D0BDF448D1436382EECC1FA9101F73FA242D826CC13C4FD881D9BD
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11728
                                                                                                                                                            Entropy (8bit):6.739082809754283
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:vdWthW8Wf9BvVVWQ4mWG2P+CjAWqnajKsNt:lWthWJNUP+CcWlGsNt
                                                                                                                                                            MD5:B3F887142F40CB176B59E58458F8C46D
                                                                                                                                                            SHA1:A05948ABA6F58EB99BBAC54FA3ED0338D40CBFAD
                                                                                                                                                            SHA-256:8E015CDF2561450ED9A0773BE1159463163C19EAB2B6976155117D16C36519DA
                                                                                                                                                            SHA-512:7B762319EC58E3FCB84B215AE142699B766FA9D5A26E1A727572EE6ED4F5D19C859EFB568C0268846B4AA5506422D6DD9B4854DA2C9B419BFEC754F547203F7E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12752
                                                                                                                                                            Entropy (8bit):6.601112204637961
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:GFPWthW5Wf9BvVVWQ4mWc0ZD7DiqnajKswzczr:GFPWthWsNiGlGswzq
                                                                                                                                                            MD5:89F35CB1212A1FD8FBE960795C92D6E8
                                                                                                                                                            SHA1:061AE273A75324885DD098EE1FF4246A97E1E60C
                                                                                                                                                            SHA-256:058EB7CE88C22D2FF7D3E61E6593CA4E3D6DF449F984BF251D9432665E1517D1
                                                                                                                                                            SHA-512:F9E81F1FEAB1535128B16E9FF389BD3DAAAB8D1DABF64270F9E563BE9D370C023DE5D5306DD0DE6D27A5A099E7C073D17499442F058EC1D20B9D37F56BCFE6D2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14288
                                                                                                                                                            Entropy (8bit):6.521808801015781
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:/uUk1Jzb9cKcIzWthWzaWf9BvVVWQ4mWmrcLUVT/gqnajKsrCOV:/bk1JzBcKcIzWthWzXNz1IlGsrCOV
                                                                                                                                                            MD5:0C933A4B3C2FCF1F805EDD849428C732
                                                                                                                                                            SHA1:B8B19318DBB1D2B7D262527ABD1468D099DE3FB6
                                                                                                                                                            SHA-256:A5B733E3DCE21AB62BD4010F151B3578C6F1246DA4A96D51AC60817865648DD3
                                                                                                                                                            SHA-512:B25ED54345A5B14E06AA9DADD07B465C14C23225023D7225E04FBD8A439E184A7D43AB40DF80E3F8A3C0F2D5C7A79B402DDC6B9093D0D798E612F4406284E39D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12240
                                                                                                                                                            Entropy (8bit):6.671157737548847
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:7oDfIeVWthWZWf9BvVVWQ4mWaHvP+CjAWqnajKsNZ:7oDfIeVWthWMNVP+CcWlGsNZ
                                                                                                                                                            MD5:7E8B61D27A9D04E28D4DAE0BFA0902ED
                                                                                                                                                            SHA1:861A7B31022915F26FB49C79AC357C65782C9F4B
                                                                                                                                                            SHA-256:1EF06C600C451E66E744B2CA356B7F4B7B88BA2F52EC7795858D21525848AC8C
                                                                                                                                                            SHA-512:1C5B35026937B45BEB76CB8D79334A306342C57A8E36CC15D633458582FC8F7D9AB70ACE7A92144288C6C017F33ECFC20477A04432619B40A21C9CDA8D249F6D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11728
                                                                                                                                                            Entropy (8bit):6.599056003106114
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:gR7WthWTVWf9BvVVWQ4mWg2a5P+CjAWqnajKsNQbWl:gVWthWkN/P+CcWlGsNMg
                                                                                                                                                            MD5:8D12FFD920314B71F2C32614CC124FEC
                                                                                                                                                            SHA1:251A98F2C75C2E25FFD0580F90657A3EA7895F30
                                                                                                                                                            SHA-256:E63550608DD58040304EA85367E9E0722038BA8E7DC7BF9D91C4D84F0EC65887
                                                                                                                                                            SHA-512:5084C739D7DE465A9A78BCDBB8A3BD063B84A68DCFD3C9EF1BFA224C1CC06580E2A2523FD4696CFC48E9FD068A2C44DBC794DD9BDB43DC74B4E854C82ECD3EA5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12240
                                                                                                                                                            Entropy (8bit):6.602527553095181
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:zGeVfcWthW+Wf9BvVVWQ4mWMiSID7DiqnajKswz5g:zGeVfcWthWjN6SIGlGswza
                                                                                                                                                            MD5:9FA3FC24186D912B0694A572847D6D74
                                                                                                                                                            SHA1:93184E00CBDDACAB7F2AD78447D0EAC1B764114D
                                                                                                                                                            SHA-256:91508AB353B90B30FF2551020E9755D7AB0E860308F16C2F6417DFB2E9A75014
                                                                                                                                                            SHA-512:95AD31C9082F57EA57F5B4C605331FCAD62735A1862AFB01EF8A67FEA4E450154C1AE0C411CF3AC5B9CD35741F8100409CC1910F69C1B2D807D252389812F594
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11728
                                                                                                                                                            Entropy (8bit):6.6806369134652055
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:qyMv0WthWPWf9BvVVWQ4mWIv/r+YVqnajKsSF:qyMv0WthWCNBfVlGsSF
                                                                                                                                                            MD5:C9CBAD5632D4D42A1BC25CCFA8833601
                                                                                                                                                            SHA1:09F37353A89F1BFE49F7508559DA2922B8EFEB05
                                                                                                                                                            SHA-256:F3A7A9C98EBE915B1B57C16E27FFFD4DDF31A82F0F21C06FE292878E48F5883E
                                                                                                                                                            SHA-512:2412E0AFFDC6DB069DE7BD9666B7BAA1CD76AA8D976C9649A4C2F1FFCE27F8269C9B02DA5FD486EC86B54231B1A5EBF6A1C72790815B7C253FEE1F211086892F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13776
                                                                                                                                                            Entropy (8bit):6.573983778839785
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:miwidv3V0dfpkXc0vVauzIWthWLN3fVlGsStY:nHdv3VqpkXc0vVaKbiYlY
                                                                                                                                                            MD5:4CCDE2D1681217E282996E27F3D9ED2E
                                                                                                                                                            SHA1:8EDA134B0294ED35E4BBAC4911DA620301A3F34D
                                                                                                                                                            SHA-256:D6708D1254ED88A948871771D6D1296945E1AA3AEB7E33E16CC378F396C61045
                                                                                                                                                            SHA-512:93FE6AE9A947AC88CC5ED78996E555700340E110D12B2651F11956DB7CEE66322C269717D31FCCB31744F4C572A455B156B368F08B70EDA9EFFEC6DE01DBAB23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12240
                                                                                                                                                            Entropy (8bit):6.7137872023984055
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:TtZ3KjWthWzWf9BvVVWQ4mWXU0P+CjAWqnajKsN2v:TtZ3KjWthWeNwP+CcWlGsNa
                                                                                                                                                            MD5:E86CFC5E1147C25972A5EEFED7BE989F
                                                                                                                                                            SHA1:0075091C0B1F2809393C5B8B5921586BDD389B29
                                                                                                                                                            SHA-256:72C639D1AFDA32A65143BCBE016FE5D8B46D17924F5F5190EB04EFE954C1199A
                                                                                                                                                            SHA-512:EA58A8D5AA587B7F5BDE74B4D394921902412617100ED161A7E0BEF6B3C91C5DAE657065EA7805A152DD76992997017E070F5415EF120812B0D61A401AA8C110
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12768
                                                                                                                                                            Entropy (8bit):6.614330511483598
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:vgdKIMFYJWthW2Wf9BvVVWQ4SW2zZ7uUgxfzfqnaj0OGWh:0hJWthW7NBzIrloYh
                                                                                                                                                            MD5:206ADCB409A1C9A026F7AFDFC2933202
                                                                                                                                                            SHA1:BB67E1232A536A4D1AE63370BD1A9B5431335E77
                                                                                                                                                            SHA-256:76D8E4ED946DEEFEEFA0D0012C276F0B61F3D1C84AF00533F4931546CBB2F99E
                                                                                                                                                            SHA-512:727AA0C4CD1A0B7E2AFFDCED5DA3A0E898E9BAE3C731FF804406AD13864CEE2B27E5BAAC653BAB9A0D2D961489915D4FCAD18557D4383ECB0A066902276955A7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12240
                                                                                                                                                            Entropy (8bit):6.704366348384627
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:Ha2WthWKOWf9BvVVWQ4mWNOrVT/gqnajKsrCkb:Ha2WthWKTNz1IlGsrCo
                                                                                                                                                            MD5:91A2AE3C4EB79CF748E15A58108409AD
                                                                                                                                                            SHA1:D402B9DF99723EA26A141BFC640D78EAF0B0111B
                                                                                                                                                            SHA-256:B0EDA99EABD32FEFECC478FD9FE7439A3F646A864FDAB4EC3C1F18574B5F8B34
                                                                                                                                                            SHA-512:8527AF610C1E2101B6F336A142B1A85AC9C19BB3AF4AD4A245CFB6FD602DC185DA0F7803358067099475102F3A8F10A834DC75B56D3E6DED2ED833C00AD217ED
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11728
                                                                                                                                                            Entropy (8bit):6.623077637622405
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:jWthWYWf9BvVVWQ4mWd8l1P+CjAWqnajKsNeCw:jWthW9NnP+CcWlGsNex
                                                                                                                                                            MD5:1E4C4C8E643DE249401E954488744997
                                                                                                                                                            SHA1:DB1C4C0FC907100F204B21474E8CD2DB0135BC61
                                                                                                                                                            SHA-256:F28A8FE2CD7E8E00B6D2EC273C16DB6E6EEA9B6B16F7F69887154B6228AF981E
                                                                                                                                                            SHA-512:EF8411FD321C0E363C2E5742312CC566E616D4B0A65EFF4FB6F1B22FDBEA3410E1D75B99E889939FF70AD4629C84CEDC88F6794896428C5F0355143443FDC3A3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12752
                                                                                                                                                            Entropy (8bit):6.643812426159955
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:fSWthWvWf9BvVVWQ4mWFl5P+CjAWqnajKsNifl:aWthWiN+5P+CcWlGsNiN
                                                                                                                                                            MD5:FA770BCD70208A479BDE8086D02C22DA
                                                                                                                                                            SHA1:28EE5F3CE3732A55CA60AEE781212F117C6F3B26
                                                                                                                                                            SHA-256:E677497C1BAEFFFB33A17D22A99B76B7FA7AE7A0C84E12FDA27D9BE5C3D104CF
                                                                                                                                                            SHA-512:F8D81E350CEBDBA5AFB579A072BAD7986691E9F3D4C9FEBCA8756B807301782EE6EB5BA16B045CFA29B6E4F4696E0554C718D36D4E64431F46D1E4B1F42DC2B8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):15824
                                                                                                                                                            Entropy (8bit):6.438848882089563
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:yjQ/w8u4cyNWthWYWf9BvVVWQ4mWhu1BVT/gqnajKsrC74m:8yNWthW9Np1IlGsrCEm
                                                                                                                                                            MD5:4EC4790281017E616AF632DA1DC624E1
                                                                                                                                                            SHA1:342B15C5D3E34AB4AC0B9904B95D0D5B074447B7
                                                                                                                                                            SHA-256:5CF5BBB861608131B5F560CBF34A3292C80886B7C75357ACC779E0BF98E16639
                                                                                                                                                            SHA-512:80C4E20D37EFF29C7577B2D0ED67539A9C2C228EDB48AB05D72648A6ED38F5FF537715C130342BEB0E3EF16EB11179B9B484303354A026BDA3A86D5414D24E69
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12240
                                                                                                                                                            Entropy (8bit):6.6061629057490245
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:vWOPWthWAWf9BvVVWQ4mWWbgftmP+CjAWqnajKsNURPblh:BWthWFN+f8P+CcWlGsNURzv
                                                                                                                                                            MD5:7A859E91FDCF78A584AC93AA85371BC9
                                                                                                                                                            SHA1:1FA9D9CAD7CC26808E697373C1F5F32AAF59D6B7
                                                                                                                                                            SHA-256:B7EE468F5B6C650DADA7DB3AD9E115A0E97135B3DF095C3220DFD22BA277B607
                                                                                                                                                            SHA-512:A368F21ECA765AFCA86E03D59CF953500770F4A5BFF8B86B2AC53F1B5174C627E061CE9A1F781DC56506774E0D0B09725E9698D4DC2D3A59E93DA7EF3D900887
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13776
                                                                                                                                                            Entropy (8bit):6.65347762698107
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:WxSnWlC0i5ClWthWTWf9BvVVWQ4mW+hkKVT/gqnajKsrCw/:WxSnWm5ClWthW+NkK1IlGsrCY
                                                                                                                                                            MD5:972544ADE7E32BFDEB28B39BC734CDEE
                                                                                                                                                            SHA1:87816F4AFABBDEC0EC2CFEB417748398505C5AA9
                                                                                                                                                            SHA-256:7102F8D9D0F3F689129D7FE071B234077FBA4DD3687071D1E2AEAA137B123F86
                                                                                                                                                            SHA-512:5E1131B405E0C7A255B1C51073AFF99E2D5C0D28FD3E55CABC04D463758A575A954008EA1BA5B4E2B345B49AF448B93AD21DFC4A01573B3CB6E7256D9ECCEEF1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12752
                                                                                                                                                            Entropy (8bit):6.58394079658593
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:YFY17aFBRQWthWIWf9BvVVWQ4mWHhOP+CjAWqnajKsNngJ:YQtWthWNNdP+CcWlGsNI
                                                                                                                                                            MD5:8906279245F7385B189A6B0B67DF2D7C
                                                                                                                                                            SHA1:FCF03D9043A2DAAFE8E28DEE0B130513677227E4
                                                                                                                                                            SHA-256:F5183B8D7462C01031992267FE85680AB9C5B279BEDC0B25AB219F7C2184766F
                                                                                                                                                            SHA-512:67CAC89AE58CC715976107F3BDF279B1E78945AFD07E6F657E076D78E92EE1A98E3E7B8FEAE295AF5CE35E00C804F3F53A890895BADB1EED32377D85C21672B9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12240
                                                                                                                                                            Entropy (8bit):6.696904963591775
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:m8qWthWLWf9BvVVWQ4WWLXlyBZr+YVqnajKsS1:mlWthWWN0uZfVlGsS1
                                                                                                                                                            MD5:DD8176E132EEDEA3322443046AC35CA2
                                                                                                                                                            SHA1:D13587C7CC52B2C6FBCAA548C8ED2C771A260769
                                                                                                                                                            SHA-256:2EB96422375F1A7B687115B132A4005D2E7D3D5DC091FB0EB22A6471E712848E
                                                                                                                                                            SHA-512:77CB8C44C8CC8DD29997FBA4424407579AC91176482DB3CF7BC37E1F9F6AA4C4F5BA14862D2F3A9C05D1FDD7CA5A043B5F566BD0E9A9E1ED837DA9C11803B253
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):20944
                                                                                                                                                            Entropy (8bit):6.216554714002396
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:rQM4Oe59Ckb1hgmLRWthW0N0JBJ1IlGsrC5W:sMq59Bb1jYNABHJc
                                                                                                                                                            MD5:A6A3D6D11D623E16866F38185853FACD
                                                                                                                                                            SHA1:FBEADD1E9016908ECCE5753DE1D435D6FCF3D0B5
                                                                                                                                                            SHA-256:A768339F0B03674735404248A039EC8591FCBA6FF61A3C6812414537BADD23B0
                                                                                                                                                            SHA-512:ABBF32CEB35E5EC6C1562F9F3B2652B96B7DBD97BFC08D918F987C0EC0503E8390DD697476B2A2389F0172CD8CF16029FD2EC5F32A9BA3688BF2EBEEFB081B2C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12752
                                                                                                                                                            Entropy (8bit):6.604643094751227
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:uFdyqjd7NWthWxWf9BvVVWQ4mW+JZD7DiqnajKswzR1:YQsWthWkNfZGlGswzR1
                                                                                                                                                            MD5:074B81A625FB68159431BB556D28FAB5
                                                                                                                                                            SHA1:20F8EAD66D548CFA861BC366BB1250CED165BE24
                                                                                                                                                            SHA-256:3AF38920E767BD9EBC08F88EAF2D08C748A267C7EC60EAB41C49B3F282A4CF65
                                                                                                                                                            SHA-512:36388C3EFFA0D94CF626DECAA1DA427801CC5607A2106ABDADF92252C6F6FD2CE5BF0802F5D0A4245A1FFDB4481464C99D60510CF95E83EBAF17BD3D6ACBC3DC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16336
                                                                                                                                                            Entropy (8bit):6.449023660091811
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:eUW9MPrpJhhf4AN5/KihWthWBWf9BvVVWQ4mWRXwsD7DiqnajKswzK:eUZr7HWthWUNkGlGswzK
                                                                                                                                                            MD5:F1A23C251FCBB7041496352EC9BCFFBE
                                                                                                                                                            SHA1:BE4A00642EC82465BC7B3D0CC07D4E8DF72094E8
                                                                                                                                                            SHA-256:D899C2F061952B3B97AB9CDBCA2450290B0F005909DDD243ED0F4C511D32C198
                                                                                                                                                            SHA-512:31F8C5CD3B6E153073E2E2EDF0CA8072D0F787784F1611A57219349C1D57D6798A3ADBD6942B0F16CEF781634DD8691A5EC0B506DF21B24CB70AEE5523A03FD9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):17872
                                                                                                                                                            Entropy (8bit):6.3934828478655685
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:hA2uWYFxEpahDWthWDWf9BvVVWQ4mWR3ir+YVqnajKsSO:hIFVhDWthWONlfVlGsSO
                                                                                                                                                            MD5:55B2EB7F17F82B2096E94BCA9D2DB901
                                                                                                                                                            SHA1:44D85F1B1134EE7A609165E9C142188C0F0B17E0
                                                                                                                                                            SHA-256:F9D3F380023A4C45E74170FE69B32BCA506EE1E1FBE670D965D5B50C616DA0CB
                                                                                                                                                            SHA-512:0CF0770F5965A83F546253DECFA967D8F85C340B5F6EA220D3CAA14245F3CDB37C53BF8D3DA6C35297B22A3FA88E7621202634F6B3649D7D9C166A221D3456A5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):18384
                                                                                                                                                            Entropy (8bit):6.279474608881223
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:jvEvevdv8vPozmVx0C5yguNvZ5VQgx3SbwA7yMVIkFGlPWthWXNjqujGlGswz7:2ozmT5yguNvZ5VQgx3SbwA71IkFFaJft
                                                                                                                                                            MD5:9B79965F06FD756A5EFDE11E8D373108
                                                                                                                                                            SHA1:3B9DE8BF6B912F19F7742AD34A875CBE2B5FFA50
                                                                                                                                                            SHA-256:1A916C0DB285DEB02C0B9DF4D08DAD5EA95700A6A812EA067BD637A91101A9F6
                                                                                                                                                            SHA-512:7D4155C00D65C3554E90575178A80D20DC7C80D543C4B5C4C3F508F0811482515638FE513E291B82F958B4D7A63C9876BE4E368557B07FF062961197ED4286FB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14288
                                                                                                                                                            Entropy (8bit):6.547753630184197
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:ENDCWthWHWf9BvVVWQ4mWG5xqcVT/gqnajKsrC/V:TWthW6N/xqc1IlGsrC/V
                                                                                                                                                            MD5:1D48A3189A55B632798F0E859628B0FB
                                                                                                                                                            SHA1:61569A8E4F37ADC353986D83EFC90DC043CDC673
                                                                                                                                                            SHA-256:B56BC94E8539603DD2F0FEA2F25EFD17966315067442507DB4BFFAFCBC2955B0
                                                                                                                                                            SHA-512:47F329102B703BFBB1EBAEB5203D1C8404A0C912019193C93D150A95BB0C5BA8DC101AC56D3283285F9F91239FC64A66A5357AFE428A919B0BE7194BADA1F64F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):12240
                                                                                                                                                            Entropy (8bit):6.686357863452704
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:ZjfHQdufWthWCWf9BvVVWQ4mWMlUteSP+CjAWqnajKsN0c:ZfZWthW/Nd4P+CcWlGsN0c
                                                                                                                                                            MD5:DBC27D384679916BA76316FB5E972EA6
                                                                                                                                                            SHA1:FB9F021F2220C852F6FF4EA94E8577368F0616A4
                                                                                                                                                            SHA-256:DD14133ADF5C534539298422F6C4B52739F80ACA8C5A85CA8C966DEA9964CEB1
                                                                                                                                                            SHA-512:CC0D8C56749CCB9D007B6D3F5C4A8F1D4E368BB81446EBCD7CC7B40399BBD56D0ACABA588CA172ECB7472A8CBDDBD4C366FFA38094A832F6D7E343B813BA565E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):831584
                                                                                                                                                            Entropy (8bit):5.700271369361031
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:PEHYKPY+WygVqFcIWuA4a2YCddVw9lfJEawKxSRMNu4:PEHYMVgWLa2XVw9lfJEawKIMNu4
                                                                                                                                                            MD5:7719A70E13EA044395004367AD974E87
                                                                                                                                                            SHA1:79B8E8566CE74706773D8F57FDC29B0C84B36E82
                                                                                                                                                            SHA-256:01A29D17FD7833D475D0004426315DDE5823916E6329E9FCED9BC425EA4630A5
                                                                                                                                                            SHA-512:31165C9C82FFE8F48FAC297A20FFD569E6D8CA79F15E1C47564CD215E1ECFD295ECA3AECCF5651AD25BF46A99BAE63EFD85F6BDB295B4BA4367214A5D37F63BE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):285222
                                                                                                                                                            Entropy (8bit):6.049584029751259
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:QW1H/M8f9R0mNpliXCRrwADwYCuMEigT/Q5MSRqNb7d8l:QWN/vRLNL4CRrBC5MWavd0
                                                                                                                                                            MD5:B18E918767D99291F8771414B76A8E65
                                                                                                                                                            SHA1:EA544791B23E4A8F47ACE99B9D08B3609D511293
                                                                                                                                                            SHA-256:A59FDE883A0EF9D74AB9DAD009689E00173D28595B57416C98B2EE83280C6E4C
                                                                                                                                                            SHA-512:78A4EAC65754FB8D37C1DA85534D6E1DD0EB2B3535EF59D75C34A91D716AFC94258599B1078C03A4B81E142945B13E671EC46B5F2FCB8C8C46150AE7506E0D8D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):9611776
                                                                                                                                                            Entropy (8bit):7.132840075726061
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:HVkWIClCGc1roEcdyWkPZA0E6666666666666666666666666666666x6666666p:HVvHrIBqLJs/PfRMFpc5WnJJSDLmR
                                                                                                                                                            MD5:9852F17EAD7D340A03B4E559F8D47F66
                                                                                                                                                            SHA1:4BEE6349D6A5D79FDAAEBB8AC117170A75BCE2AC
                                                                                                                                                            SHA-256:3AEA9B61FB3A2364B6C01A862CB4A5343B586A6D3198F8C1446672718EE9DE40
                                                                                                                                                            SHA-512:0B89C64D12076CC23AC253EA59AB4B0BBF44D1F113458AC4057D492815250D3190008A07A1B3B1C1A2DC942B9D0DB9EBA9E6CF97EEF995B5B9082DD518A424B7
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3439512
                                                                                                                                                            Entropy (8bit):6.096012359425593
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
                                                                                                                                                            MD5:AB01C808BED8164133E5279595437D3D
                                                                                                                                                            SHA1:0F512756A8DB22576EC2E20CF0CAFEC7786FB12B
                                                                                                                                                            SHA-256:9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
                                                                                                                                                            SHA-512:4043CDA02F6950ABDC47413CFD8A0BA5C462F16BCD4F339F9F5A690823F4D0916478CAB5CAE81A3D5B03A8A196E17A716B06AFEE3F92DEC3102E3BBC674774F2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):698784
                                                                                                                                                            Entropy (8bit):5.533720236597082
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz
                                                                                                                                                            MD5:DE72697933D7673279FB85FD48D1A4DD
                                                                                                                                                            SHA1:085FD4C6FB6D89FFCC9B2741947B74F0766FC383
                                                                                                                                                            SHA-256:ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
                                                                                                                                                            SHA-512:0FD4678C65DA181D7C27B19056D5AB0E5DD0E9714E9606E524CDAD9E46EC4D0B35FE22D594282309F718B30E065F6896674D3EDCE6B3B0C8EB637A3680715C2C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):194000
                                                                                                                                                            Entropy (8bit):6.329514930714924
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:7nQ4xikRdMcLkEI0YULfRVCAdfaYXySx2aQzMad42xy+YqNgrKqNrEqNTqNkypFd:7Q4b3MokE9VRUAdfaYXHQzM+Dy+UrZMj
                                                                                                                                                            MD5:8B9855E1B442B22984DC07A8C6D9D2ED
                                                                                                                                                            SHA1:2E708FBF1344731BCA3C603763E409190C019D7F
                                                                                                                                                            SHA-256:4D0F50757A4D9ABE249BD7EBEA35243D4897911A72DE213DDB6C6945FEF49E06
                                                                                                                                                            SHA-512:59CA1CBC51A0B9857E921E769587B021BC3F157D8680BB8F7D7F99DEB90405DB92051E9BE8891399379D918AFC5D8CB36123297D748C5265AE0855613B277809
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4445648
                                                                                                                                                            Entropy (8bit):6.4546320595851725
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:49152:kAz5zjppNAQdRnpoFPN7RhvPSUrRBthux243ahuxZplZTJycg7gpP7Bz5AIu35H8:9NPNE1NJpGgk7J3uJHsMraSSFP+4j
                                                                                                                                                            MD5:A1185BEF38FDBA5E3FE6A71F93A9D142
                                                                                                                                                            SHA1:E2B40F5E518AD000002B239A84C153FDC35DF4EB
                                                                                                                                                            SHA-256:8D0BEC69554317CCF1796C505D749D5C9F3BE74CCBFCE1D9E4D5FE64A536AE9E
                                                                                                                                                            SHA-512:CB9BAEA9B483B9153EFE2F453D6AC0F0846B140E465D07244F651C946900BFCD768A6B4C0C335ECEBB45810BF08B7324501EA22B40CC7061B2F2BB98ED7897F4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):26064
                                                                                                                                                            Entropy (8bit):6.3375169098613195
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:dPjk/7e12hwheCnHqJYBsVRXFIM7Gh+IYiSy1pCQyvUhD:NUC2hwhjHqWYVFIM7GdYiSyvdhD
                                                                                                                                                            MD5:63EDE3C60EE921074647EC0278E6AA45
                                                                                                                                                            SHA1:A02C42D3849AD8C03CE60F2FD1797B1901441F26
                                                                                                                                                            SHA-256:CB643556C2DCDB957137B25C8A33855067E0D07547E547587C9886238253BFE5
                                                                                                                                                            SHA-512:D0BABC48B0E470ABDAFAD6205CC0824EEC66DBB5BFF771CEE6D99A0577373A2DE2FFAB93E86C42C7642E49999A03546F94E7630D3C58DB2CFF8F26DEBC67FCAD
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1944
                                                                                                                                                            Entropy (8bit):4.675116854336413
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:G+SxKWxZZCg10kH11G4UQzNgxgWLlAziLhVGYTo:G+SQWbZC8hHnG4JRgxgWOJ
                                                                                                                                                            MD5:81F59E36BDE07E051C3CB92A4986B327
                                                                                                                                                            SHA1:676E0A28A5A1353E89469ACAAD1B08ADC62C795D
                                                                                                                                                            SHA-256:2C2083C9A49F65C510D68D3620A57D4DFEDC8DC0FCC32524C1CCB11C6329EA07
                                                                                                                                                            SHA-512:02562FC9AC369BC1994934B371DB8D550638430CBC7F7729DD7B3A95E90F4E53A205A62318803D021041DE362B0ED47752AD910CBDC742BEF6645A20AA96A1FA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:// Licensed to the Software Freedom Conservancy (SFC) under one.// or more contributor license agreements. See the NOTICE file.// distributed with this work for additional information.// regarding copyright ownership. The SFC licenses this file.// to you under the Apache License, Version 2.0 (the.// "License"); you may not use this file except in compliance.// with the License. You may obtain a copy of the License at.//.// http://www.apache.org/licenses/LICENSE-2.0.//.// Unless required by applicable law or agreed to in writing,.// software distributed under the License is distributed on an.// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY.// KIND, either express or implied. See the License for the.// specific language governing permissions and limitations.// under the License...(function () {. const observer = new MutationObserver((mutations) => {. for (const mutation of mutations) {. switch (mutation.type) {. case 'attributes':. // Don't report
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2826
                                                                                                                                                            Entropy (8bit):4.690644304617203
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:9SVI+Lhz3Oa0KUP8OZsUR4lckTgo6OxRLi//FPa+tLkglKgfgfOHSllrK/rTDzL+:/+trOa0KUP8OZ4ZUFPa+tAFEkOy7aTD+
                                                                                                                                                            MD5:648D3DABABB0C714EE9A2D4A8FA4E39F
                                                                                                                                                            SHA1:762AC0A8D883C8C05059F1815A35F6B55464B7C2
                                                                                                                                                            SHA-256:946ADD298A5E2346E3D53D1CBE8AD7C33E4994130511F6D8B79268BE50B7A34C
                                                                                                                                                            SHA-512:51B2ED36C8BB61EBA99406492B2F6928DB0DB413A8F60E30FDAB74D689247B8C83F0E790D8F6AEE370E0F2E27FD565F4A87608CDC547C752514F1476E6DC89AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{. "frozen": {. "app.update.auto": false,. "app.update.enabled": false,. "browser.displayedE10SNotice": 4,. "browser.download.manager.showWhenStarting": false,. "browser.EULA.override": true,. "browser.EULA.3.accepted": true,. "browser.link.open_external": 2,. "browser.link.open_newwindow": 2,. "browser.offline": false,. "browser.reader.detectedFirstArticle": true,. "browser.safebrowsing.enabled": false,. "browser.safebrowsing.malware.enabled": false,. "browser.search.update": false,. "browser.selfsupport.url" : "",. "browser.sessionstore.resume_from_crash": false,. "browser.shell.checkDefaultBrowser": false,. "browser.tabs.warnOnClose": false,. "browser.tabs.warnOnOpen": false,. "datareporting.healthreport.service.enabled": false,. "datareporting.healthreport.uploadEnabled": false,. "datareporting.healthreport.service.firstRun": false,. "datareporting.healthreport.logging.consoleEnabled": false,. "datareporting.poli
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:ASCII text, with very long lines
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):53824
                                                                                                                                                            Entropy (8bit):5.477971537716615
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:AXJFPWr+DEqXMn9XM3UkGdEMT8TZZ/6B0clWuF2ZCtYuSn6B:ITU7dW62clW02s3
                                                                                                                                                            MD5:9E69F9A88022723BC82E0591C5E157C4
                                                                                                                                                            SHA1:C081C09A148FE317F740A3F0054DF6579BF60A96
                                                                                                                                                            SHA-256:79C706A9230B156A30EE530803CFD87C0AC06BA5FECFED2243D1D60529C1113A
                                                                                                                                                            SHA-512:2856971F9CB3BCA8887F9BB84E66610750366402B4B80892AC1269EB9D6078FD546AECFFB048CE0E5EA9027B276C51414594CC7052292076D74972414FD3C638
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:ASCII text, with very long lines
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):43157
                                                                                                                                                            Entropy (8bit):5.4711439829805295
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:V7p/8YXWW4BJinqX46z3wlU0koCF2TPO2bRmeJbNV9c:V7p/JWFBJinqXNm3nCwPgAc
                                                                                                                                                            MD5:F05A5E91E83CD5CA39FBDED566E30E4C
                                                                                                                                                            SHA1:A7273098A868272944881E6F87838E69CDF9DB44
                                                                                                                                                            SHA-256:2186EA70072C63DDB4AD89F2315A7909A9B4A97F52A69957C74DA72641CDAE6A
                                                                                                                                                            SHA-512:72819C5DDA934955C9F35ECD8724AF965634C1C50B530A81D48A4F167CC815A896180E414790BC0E33C8BC4176C8C777AAB01D3C47C7FFE2818C242EDE8160AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:ASCII text, with very long lines
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):43996
                                                                                                                                                            Entropy (8bit):5.482916356843218
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:i5WDMeWWcwpdin/XLwXEWb1sHddFZ/R0o7BnF6LRkVZhYiJEKLuP:i50VWWppdin/Xk7buHdp/R0cF6+VZhzW
                                                                                                                                                            MD5:B3122D6B9700A669111247D95460AC05
                                                                                                                                                            SHA1:A14AF0130FC408719B1BA1AF81C03F54AC9D3F20
                                                                                                                                                            SHA-256:EBDA4033FAA32130BFCA4B7A0B3DF41565A99301DF9331054B18F7932B34C388
                                                                                                                                                            SHA-512:B74BACEBDE59767E18151F5A6E9E735C0243ADA4915BC1B9BBBFE276ADF4830D4B071C1A7AFE52E7A7558A8F9D3C464F329748CAB67864BAEBF05D5E398C7ED4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1035728
                                                                                                                                                            Entropy (8bit):6.630126944065657
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:EsKxVJ/pRRK0Y/9fCrl4NbpjONcncXEomxvSZX0yp49C:lKxDPHQCrlQBXxw
                                                                                                                                                            MD5:849959A003FA63C5A42AE87929FCD18B
                                                                                                                                                            SHA1:D1B80B3265E31A2B5D8D7DA6183146BBD5FB791B
                                                                                                                                                            SHA-256:6238CBFE9F57C142B75E153C399C478D492252FDA8CB40EE539C2DCB0F2EB232
                                                                                                                                                            SHA-512:64958DABDB94D21B59254C2F074DB5D51E914DDBC8437452115DFF369B0C134E50462C3FDBBC14B6FA809A6EE19AB2FB83D654061601CC175CDDCB7D74778E09
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1118672
                                                                                                                                                            Entropy (8bit):5.37577736945913
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:ZrlBMmuZ63N5QCb5Pfhnzr0ql8L8kdM7IRG5eeme6VZyrIBHdQLhfFE+uOK4:JlBueZV0m81MMREtV6Vo4uYOK4
                                                                                                                                                            MD5:D67AC58DA9E60E5B7EF3745FDDA74F7D
                                                                                                                                                            SHA1:092FAA0A13F99FD05C63395EE8EE9AA2BB1CA478
                                                                                                                                                            SHA-256:09E1D1E9190160959696AEDDB0324667FEF39F338EDC28F49B5F518B92F27F5F
                                                                                                                                                            SHA-512:9D510135E4106FEF0640565E73D438B4398F7AA65A36E3EA21D8241F07FEC7A23E721E8696B3605147E5CE5365684E84E8145001201A19D7537E8F61B20CF32C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):249856
                                                                                                                                                            Entropy (8bit):6.177312891120855
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:LPUJDGw4UAFh0g4muSr3Tu1OdYH49EhkYBazLBbUlUcj1uBLRe:LPKD14dH0pmPT5gkuklUfuLR
                                                                                                                                                            MD5:32215679920FE87809632B99CE179CDE
                                                                                                                                                            SHA1:6BA6BABF24D9E5E47C2DEA87F89BBD8E077C8BE4
                                                                                                                                                            SHA-256:F5886D7FE3253498B625C6EB28522983084B905C73CAE00CCAC4C643AF9A4CC9
                                                                                                                                                            SHA-512:919D1FF516BDF891C3D6FFAE5F54B2D891ED80EFE17CACB19326CDF52487F5CFC3A5ED55F46487A4B30E07740F29C89C779D91355802341E1C5A80B45A8F4D4C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):68
                                                                                                                                                            Entropy (8bit):4.364543495719876
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:t3vBFReNmI4S2UUAuF5QEyn:d7MmI4S2UP3
                                                                                                                                                            MD5:A7F5BBF43C58ACD9EB90BA863538346C
                                                                                                                                                            SHA1:0A18AC3438974DFEAFA22E13DBC6F6341D72B7D4
                                                                                                                                                            SHA-256:9AE53A925512404DA85F4330583724275E7AA2FF37D34AB19CB66611E56F8AFC
                                                                                                                                                            SHA-512:8CD099E885BC4E9E6CA2E89C1F80BEFE43D610D8C8D92519B15700A9572DBABD6E3F47607620B4C942FE3BC6AEA3FCD83BF2E2F05F846146AB3086D3139B2A74
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[7088] Failed to execute script 'main' due to unhandled exception!..
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):316
                                                                                                                                                            Entropy (8bit):5.0805715382443655
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:j8Na+Ggy7VD1gU7e5zTyZZqEqz9+hOVYIa9hECr+IIKVGLv8xwECAZ2AGN8e:j8Nzy7V+Ua5zoZ/qz9+h9IchHVMv8RC9
                                                                                                                                                            MD5:63666B5587DD234B735593AD6B10C041
                                                                                                                                                            SHA1:06AECA1FBED53DC098B9D615CDF51250F783AF61
                                                                                                                                                            SHA-256:3237CA6C50FB0E468F994168BEA8C735F1032F98441D0613C76EAF68802DA842
                                                                                                                                                            SHA-512:CF829950036F6E4F5689436A5EA5B35D39223482D16DE7C5EA0A82CE4226009E6B327C54150D073D59896FEE3A49305C0CF7A0C312D5B82638514EB78B02779A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Starting ChromeDriver 85.0.4183.38 (9047dbc2c693f044042bbec5c91401c708c7c26a-refs/branch-heads/4183@{#779}) on port 49747..Only local connections are allowed...Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe...ChromeDriver was started successfully...
                                                                                                                                                            File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                            Entropy (8bit):7.990502747630313
                                                                                                                                                            TrID:
                                                                                                                                                            • Win64 Executable Console (202006/5) 92.65%
                                                                                                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                            File name:CapsuleFarmer.exe
                                                                                                                                                            File size:7654945
                                                                                                                                                            MD5:656cefd8d3ccc079158ecfc7a06c35ed
                                                                                                                                                            SHA1:f0adcd44e7d22bd107e6fd03cd61719ba3178cd0
                                                                                                                                                            SHA256:8e9d7cb05e025962ae2f55ff514dd9580d664849b99d444f6225a130c9be1f9c
                                                                                                                                                            SHA512:6e11b768e633d8ccef51a4c8b76d72d0d79a1b34f0b6e4aa62757ac163402c32acb413e1a745e5d684f69919cbd7b64bec2f86c6702d3088ddd6c30784da8488
                                                                                                                                                            SSDEEP:196608:E5PosTL2V76+DBnNgwQ+dtLZW27koJH5QtJDcJfs8v:s/TL2V76mNNj1W27DJZQofs8
                                                                                                                                                            TLSH:5076335032100DF9DCB6857A9486D939C6763C1A6329C98B47E0BEB33F375B06DB6B90
                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............@I..@I..@Ir.CH..@Ir.EH..@Ir.DH..@I...I..@I..EH..@I..DH..@I..CH..@Ir.AH..@I..AI..@I..DH..@I..BH..@IRich..@I...............
                                                                                                                                                            Icon Hash:10f0e8e8c6c4e400
                                                                                                                                                            Entrypoint:0x14000a330
                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                            Digitally signed:false
                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                            Subsystem:windows cui
                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                            Time Stamp:0x62C2838E [Mon Jul 4 06:07:10 2022 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:5
                                                                                                                                                            OS Version Minor:2
                                                                                                                                                            File Version Major:5
                                                                                                                                                            File Version Minor:2
                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                            Subsystem Version Minor:2
                                                                                                                                                            Import Hash:0bbecc8e9f9f17b0ea9cc3899b15e5cf
                                                                                                                                                            Instruction
                                                                                                                                                            dec eax
                                                                                                                                                            sub esp, 28h
                                                                                                                                                            call 00007FFA6CC87BCCh
                                                                                                                                                            dec eax
                                                                                                                                                            add esp, 28h
                                                                                                                                                            jmp 00007FFA6CC8752Fh
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            inc eax
                                                                                                                                                            push ebx
                                                                                                                                                            dec eax
                                                                                                                                                            sub esp, 20h
                                                                                                                                                            dec eax
                                                                                                                                                            mov ebx, ecx
                                                                                                                                                            xor ecx, ecx
                                                                                                                                                            call dword ptr [0001FDC3h]
                                                                                                                                                            dec eax
                                                                                                                                                            mov ecx, ebx
                                                                                                                                                            call dword ptr [0001FDB2h]
                                                                                                                                                            call dword ptr [0001FD3Ch]
                                                                                                                                                            dec eax
                                                                                                                                                            mov ecx, eax
                                                                                                                                                            mov edx, C0000409h
                                                                                                                                                            dec eax
                                                                                                                                                            add esp, 20h
                                                                                                                                                            pop ebx
                                                                                                                                                            dec eax
                                                                                                                                                            jmp dword ptr [0001FDA8h]
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            dec eax
                                                                                                                                                            mov dword ptr [esp+08h], ecx
                                                                                                                                                            dec eax
                                                                                                                                                            sub esp, 38h
                                                                                                                                                            mov ecx, 00000017h
                                                                                                                                                            call dword ptr [0001FD94h]
                                                                                                                                                            test eax, eax
                                                                                                                                                            je 00007FFA6CC876C9h
                                                                                                                                                            mov ecx, 00000002h
                                                                                                                                                            int 29h
                                                                                                                                                            dec eax
                                                                                                                                                            lea ecx, dword ptr [00041CEAh]
                                                                                                                                                            call 00007FFA6CC8788Eh
                                                                                                                                                            dec eax
                                                                                                                                                            mov eax, dword ptr [esp+38h]
                                                                                                                                                            dec eax
                                                                                                                                                            mov dword ptr [00041DD1h], eax
                                                                                                                                                            dec eax
                                                                                                                                                            lea eax, dword ptr [esp+38h]
                                                                                                                                                            dec eax
                                                                                                                                                            add eax, 08h
                                                                                                                                                            dec eax
                                                                                                                                                            mov dword ptr [00041D61h], eax
                                                                                                                                                            dec eax
                                                                                                                                                            mov eax, dword ptr [00041DBAh]
                                                                                                                                                            dec eax
                                                                                                                                                            mov dword ptr [00041C2Bh], eax
                                                                                                                                                            dec eax
                                                                                                                                                            mov eax, dword ptr [esp+40h]
                                                                                                                                                            dec eax
                                                                                                                                                            mov dword ptr [00041D2Fh], eax
                                                                                                                                                            mov dword ptr [00041C05h], C0000409h
                                                                                                                                                            mov dword ptr [00041BFFh], 00000001h
                                                                                                                                                            mov dword ptr [00000009h], 00000000h
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x3b8e4          0x3c          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x52000          0x61e0        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x4e000          0x20c4        .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x59000          0x754         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x392c0          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x39180          0x140         .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2a000          0x350         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity     File Type             Entropy             Characteristics
.text   0x1000           0x287b0       0x28800   False     0.5567551601080247  zlib compressed data  6.497436024881472   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x2a000          0x1246a       0x12600   False     0.5137250212585034  data                  5.832772576127445   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x3d000          0x103e8       0xe00     False     0.130859375         data                  1.806338290884056   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  0x4e000          0x20c4        0x2200    False     0.4762178308823529  data                  5.314207607074194   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA  0x51000          0x15c         0x200     False     0.39453125          data                  2.8411284312485376  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   0x52000          0x61e0        0x6200    False     0.4055723852040816  data                  4.885236942075751   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x59000          0x754         0x800     False     0.54345703125       data                  5.23056010770353    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type  Language  Country
RT_ICON        0x521a8  0x468   GLS_BINARY_LSB_FIRST
RT_ICON        0x52610  0x988   data
RT_ICON        0x52f98  0x10a8  dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4278190080, next used block 4278190080
RT_ICON        0x54040  0x25a8  dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4278190080, next used block 4278190080
RT_ICON        0x565e8  0x161e  PNG image data, 256 x 256, 8-bit grayscale, non-interlaced
RT_GROUP_ICON  0x57c08  0x4c    data
RT_MANIFEST    0x57c54  0x589   XML 1.0 document, ASCII text, with CRLF line terminators
DLL           Import
KERNEL32.dll  GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, FreeLibrary, LoadLibraryExW, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, SetEndOfFile, GetProcAddress, GetModuleFileNameW, SetDllDirectoryW, GetStartupInfoW, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, HeapReAlloc, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW
ADVAPI32.dll  ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
                                                                                                                                                            No network behavior found

                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:17:23:22
                                                                                                                                                            Start date:06/07/2022
                                                                                                                                                            Path:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\Desktop\CapsuleFarmer.exe"
                                                                                                                                                            Imagebase:0x7ff78ec60000
                                                                                                                                                            File size:7654945 bytes
                                                                                                                                                            MD5 hash:656CEFD8D3CCC079158ECFC7A06C35ED
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:low

                                                                                                                                                            Target ID:1
                                                                                                                                                            Start time:17:23:22
                                                                                                                                                            Start date:06/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff7c9170000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:9
                                                                                                                                                            Start time:17:23:42
                                                                                                                                                            Start date:06/07/2022
                                                                                                                                                            Path:C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\Desktop\CapsuleFarmer.exe"
                                                                                                                                                            Imagebase:0x7ff78ec60000
                                                                                                                                                            File size:7654945 bytes
                                                                                                                                                            MD5 hash:656CEFD8D3CCC079158ECFC7A06C35ED
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:low

                                                                                                                                                            Target ID:13
                                                                                                                                                            Start time:17:23:45
                                                                                                                                                            Start date:06/07/2022
                                                                                                                                                            Path:C:\Windows\System32\reg.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:reg query HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon /v version
                                                                                                                                                            Imagebase:0x7ff732680000
                                                                                                                                                            File size:72704 bytes
                                                                                                                                                            MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:17
                                                                                                                                                            Start time:17:23:59
                                                                                                                                                            Start date:06/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                            Imagebase:0x7ff65aad0000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:18
                                                                                                                                                            Start time:17:24:00
                                                                                                                                                            Start date:06/07/2022
                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\_MEI64122\chromedriver_autoinstaller\85\chromedriver.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:chromedriver --port=49747
                                                                                                                                                            Imagebase:0x1f0000
                                                                                                                                                            File size:9611776 bytes
                                                                                                                                                            MD5 hash:9852F17EAD7D340A03B4E559F8D47F66
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:low

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:13.8%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:16.8%
                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                              Total number of Limit Nodes:66
15787 7ff78ec81f2c GetEnvironmentStringsW 15767->15787 15770 7ff78ec7853e 15794 7ff78ec7868c 15770->15794 15771 7ff78ec78532 15773 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15771->15773 15773->15778 15775 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15776 7ff78ec78565 15775->15776 15777 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15776->15777 15777->15778 15778->15266 15779 7ff78ec788cc 15778->15779 15780 7ff78ec788ef 15779->15780 15785 7ff78ec78906 15779->15785 15780->15266 15781 7ff78ec7ec04 MultiByteToWideChar _fread_nolock 15781->15785 15782 7ff78ec7e248 memcpy_s 11 API calls 15782->15785 15783 7ff78ec7897a 15784 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15783->15784 15784->15780 15785->15780 15785->15781 15785->15782 15785->15783 15786 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15785->15786 15786->15785 15788 7ff78ec7852a 15787->15788 15789 7ff78ec81f50 15787->15789 15788->15770 15788->15771 15790 7ff78ec7cfa0 _fread_nolock 12 API calls 15789->15790 15791 7ff78ec81f87 memcpy_s 15790->15791 15792 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15791->15792 15793 7ff78ec81fa7 FreeEnvironmentStringsW 15792->15793 15793->15788 15795 7ff78ec786b4 15794->15795 15796 7ff78ec7e248 memcpy_s 11 API calls 15795->15796 15808 7ff78ec786ef 15796->15808 15797 7ff78ec786f7 15798 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15797->15798 15800 7ff78ec78546 15798->15800 15799 7ff78ec78771 15801 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15799->15801 15800->15775 15801->15800 15802 7ff78ec7e248 memcpy_s 11 API calls 15802->15808 15803 7ff78ec78760 15822 7ff78ec787a8 15803->15822 15807 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15807->15797 15808->15797 15808->15799 15808->15802 15808->15803 15809 
7ff78ec78794 15808->15809 15811 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15808->15811 15813 7ff78ec7fce4 15808->15813 15810 7ff78ec7a270 _wfindfirst32i64 17 API calls 15809->15810 15812 7ff78ec787a6 15810->15812 15811->15808 15814 7ff78ec7fcfb 15813->15814 15815 7ff78ec7fcf1 15813->15815 15816 7ff78ec75e08 memcpy_s 11 API calls 15814->15816 15815->15814 15819 7ff78ec7fd17 15815->15819 15821 7ff78ec7fd03 15816->15821 15817 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 15818 7ff78ec7fd0f 15817->15818 15818->15808 15819->15818 15820 7ff78ec75e08 memcpy_s 11 API calls 15819->15820 15820->15821 15821->15817 15823 7ff78ec78768 15822->15823 15824 7ff78ec787ad 15822->15824 15823->15807 15825 7ff78ec787d6 15824->15825 15826 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15824->15826 15827 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15825->15827 15826->15824 15827->15823 15830 7ff78ec6673f 15828->15830 15829 7ff78ec66790 WideCharToMultiByte 15829->15830 15832 7ff78ec66838 15829->15832 15830->15829 15831 7ff78ec667e6 WideCharToMultiByte 15830->15831 15830->15832 15834 7ff78ec66747 __vcrt_freefls 15830->15834 15831->15830 15831->15832 16150 7ff78ec61cb0 15832->16150 15834->15273 15838 7ff78ec7f01c 15835->15838 15836 7ff78ec7f06f 15837 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 15836->15837 15841 7ff78ec7f098 15837->15841 15838->15836 15839 7ff78ec7f0c5 15838->15839 16457 7ff78ec7eef4 15839->16457 15841->15275 15843 7ff78ec61b05 15842->15843 15844 7ff78ec61b20 15843->15844 16465 7ff78ec61c10 15843->16465 15844->15344 15846 7ff78ec62cb0 15844->15846 16488 7ff78ec6a070 15846->16488 15849 7ff78ec62ceb 15852 7ff78ec61cb0 86 API calls 15849->15852 15850 7ff78ec62d02 16490 7ff78ec66e20 15850->16490 15854 7ff78ec62cfe 15852->15854 15856 7ff78ec6a040 _wfindfirst32i64 8 API calls 15854->15856 15855 7ff78ec61c50 86 API calls 15855->15854 15857 7ff78ec62d3f 15856->15857 15857->15281 
15859 7ff78ec61b30 49 API calls 15858->15859 15860 7ff78ec62c4d 15859->15860 15860->15283 15862 7ff78ec65aba 15861->15862 15863 7ff78ec66d10 88 API calls 15862->15863 15864 7ff78ec65adc GetEnvironmentVariableW 15863->15864 15865 7ff78ec65af4 ExpandEnvironmentStringsW 15864->15865 15866 7ff78ec65b46 15864->15866 15868 7ff78ec66e20 88 API calls 15865->15868 15867 7ff78ec6a040 _wfindfirst32i64 8 API calls 15866->15867 15869 7ff78ec65b58 15867->15869 15870 7ff78ec65b1c 15868->15870 15869->15285 15870->15866 15871 7ff78ec65b26 15870->15871 16501 7ff78ec795bc 15871->16501 15874 7ff78ec6a040 _wfindfirst32i64 8 API calls 15875 7ff78ec65b3e 15874->15875 15875->15285 15877 7ff78ec66d10 88 API calls 15876->15877 15878 7ff78ec66067 SetEnvironmentVariableW 15877->15878 15879 7ff78ec6607f __vcrt_freefls 15878->15879 15879->15289 15881 7ff78ec61b30 49 API calls 15880->15881 15882 7ff78ec61a00 15881->15882 15883 7ff78ec61b30 49 API calls 15882->15883 15890 7ff78ec61a7a 15882->15890 15884 7ff78ec61a22 15883->15884 15885 7ff78ec62c30 49 API calls 15884->15885 15884->15890 15886 7ff78ec61a3b 15885->15886 16508 7ff78ec617b0 15886->16508 15889 7ff78ec6e528 74 API calls 15889->15890 15890->15293 15890->15294 15892 7ff78ec66db7 MultiByteToWideChar 15891->15892 15893 7ff78ec66d31 MultiByteToWideChar 15891->15893 15894 7ff78ec66dda 15892->15894 15895 7ff78ec66dff 15892->15895 15896 7ff78ec66d7c 15893->15896 15897 7ff78ec66d57 15893->15897 15898 7ff78ec61cb0 86 API calls 15894->15898 15895->15302 15896->15892 15902 7ff78ec66d92 15896->15902 15899 7ff78ec61cb0 86 API calls 15897->15899 15900 7ff78ec66ded 15898->15900 15901 7ff78ec66d6a 15899->15901 15900->15302 15901->15302 15903 7ff78ec61cb0 86 API calls 15902->15903 15904 7ff78ec66da5 15903->15904 15904->15302 15906 7ff78ec64f95 15905->15906 15907 7ff78ec629c0 15906->15907 15908 7ff78ec61c10 86 API calls 15906->15908 15907->15312 16014 7ff78ec64c20 15907->16014 15908->15907 15910 7ff78ec623c4 15909->15910 15916 7ff78ec62383 15909->15916 
15911 7ff78ec62403 15910->15911 15912 7ff78ec61ab0 74 API calls 15910->15912 15913 7ff78ec6a040 _wfindfirst32i64 8 API calls 15911->15913 15912->15910 15914 7ff78ec62415 15913->15914 15914->15344 15919 7ff78ec65fe0 15914->15919 15916->15910 16581 7ff78ec61440 15916->16581 16615 7ff78ec61dc0 15916->16615 16669 7ff78ec61780 15916->16669 15920 7ff78ec66d10 88 API calls 15919->15920 15921 7ff78ec65fff 15920->15921 15922 7ff78ec66d10 88 API calls 15921->15922 15923 7ff78ec6600f 15922->15923 15924 7ff78ec76598 38 API calls 15923->15924 15925 7ff78ec6601d __vcrt_freefls 15924->15925 15925->15333 15927 7ff78ec660a0 15926->15927 15928 7ff78ec66d10 88 API calls 15927->15928 15929 7ff78ec660d1 15928->15929 17485 7ff78ec77248 15929->17485 15932 7ff78ec77248 14 API calls 15933 7ff78ec660ea 15932->15933 15934 7ff78ec77248 14 API calls 15933->15934 15982 7ff78ec61c6e 15981->15982 15983 7ff78ec61b90 78 API calls 15982->15983 15984 7ff78ec61c8c 15983->15984 15985 7ff78ec61d00 86 API calls 15984->15985 15986 7ff78ec61c9b 15985->15986 15986->15344 15988 7ff78ec62dcc 15987->15988 15989 7ff78ec66d10 88 API calls 15988->15989 15990 7ff78ec62df7 15989->15990 15991 7ff78ec66d10 88 API calls 15990->15991 15992 7ff78ec62e0a 15991->15992 17559 7ff78ec752d8 15992->17559 15995 7ff78ec6a040 _wfindfirst32i64 8 API calls 15996 7ff78ec628ea 15995->15996 15996->15313 15997 7ff78ec662c0 15996->15997 15998 7ff78ec662e4 15997->15998 15999 7ff78ec6eb90 73 API calls 15998->15999 16000 7ff78ec663bb __vcrt_freefls 15998->16000 16001 7ff78ec662fe 15999->16001 16000->15318 16001->16000 17938 7ff78ec77de4 16001->17938 16003 7ff78ec6eb90 73 API calls 16005 7ff78ec66313 16003->16005 16004 7ff78ec6e878 _fread_nolock 53 API calls 16004->16005 16005->16000 16005->16003 16005->16004 16007 7ff78ec6e558 16006->16007 17953 7ff78ec6e308 16007->17953 16009 7ff78ec6e571 16009->15313 16011 7ff78ec62497 16010->16011 16012 7ff78ec624c0 16010->16012 16011->16012 16013 7ff78ec61780 86 API calls 16011->16013 16012->15295 
16013->16011 16015 7ff78ec64c44 16014->16015 16020 7ff78ec64c71 16014->16020 16016 7ff78ec64c6c 16015->16016 16017 7ff78ec64c67 memcpy_s __vcrt_freefls 16015->16017 16018 7ff78ec61780 86 API calls 16015->16018 16015->16020 17964 7ff78ec612b0 16016->17964 16017->15317 16018->16015 16020->16017 17990 7ff78ec62e40 16020->17990 16022 7ff78ec64cd7 16022->16017 16023 7ff78ec61c50 86 API calls 16022->16023 16023->16017 16025 7ff78ec6479a memcpy_s 16024->16025 16026 7ff78ec648bf 16025->16026 16028 7ff78ec648db 16025->16028 16032 7ff78ec62e40 49 API calls 16025->16032 16033 7ff78ec648a0 16025->16033 16041 7ff78ec61440 158 API calls 16025->16041 16042 7ff78ec648c1 16025->16042 17993 7ff78ec61650 16025->17993 16029 7ff78ec62e40 49 API calls 16026->16029 16031 7ff78ec61c50 86 API calls 16028->16031 16030 7ff78ec64938 16029->16030 16034 7ff78ec62e40 49 API calls 16030->16034 16035 7ff78ec648d1 __vcrt_freefls 16031->16035 16032->16025 16033->16026 16036 7ff78ec62e40 49 API calls 16033->16036 16037 7ff78ec64968 16034->16037 16038 7ff78ec6a040 _wfindfirst32i64 8 API calls 16035->16038 16036->16026 16040 7ff78ec62e40 49 API calls 16037->16040 16039 7ff78ec629e9 16038->16039 16039->15327 16039->15328 16040->16035 16041->16025 16043 7ff78ec61c50 86 API calls 16042->16043 16043->16035 17998 7ff78ec66270 16044->17998 16046 7ff78ec64722 16047 7ff78ec66270 89 API calls 16046->16047 16048 7ff78ec64735 16047->16048 16049 7ff78ec6475a 16048->16049 16050 7ff78ec6474d GetProcAddress 16048->16050 16051 7ff78ec61c50 86 API calls 16049->16051 16054 7ff78ec650dc GetProcAddress 16050->16054 16055 7ff78ec650b9 16050->16055 16053 7ff78ec64766 16051->16053 16053->15335 16054->16055 16056 7ff78ec65101 GetProcAddress 16054->16056 16057 7ff78ec61cb0 86 API calls 16055->16057 16056->16055 16058 7ff78ec65126 GetProcAddress 16056->16058 16059 7ff78ec650cc 16057->16059 16058->16055 16060 7ff78ec6514e GetProcAddress 16058->16060 16059->15335 16060->16055 16061 7ff78ec65176 GetProcAddress 16060->16061 
16061->16055 16062 7ff78ec6519e GetProcAddress 16061->16062 16113 7ff78ec64df4 16112->16113 16119 7ff78ec61b55 16118->16119 16120 7ff78ec73a20 49 API calls 16119->16120 16121 7ff78ec61b78 16120->16121 16121->15334 18002 7ff78ec63aa0 16122->18002 16125 7ff78ec622fd 16125->15340 16127 7ff78ec622d4 16127->16125 18058 7ff78ec63820 16127->18058 16129 7ff78ec622e0 16129->16125 16157 7ff78ec61d00 16150->16157 16158 7ff78ec61d10 16157->16158 16182 7ff78ec73a20 16158->16182 16162 7ff78ec61d70 16215 7ff78ec61b90 16162->16215 16165 7ff78ec6a040 _wfindfirst32i64 8 API calls 16166 7ff78ec61cd7 GetLastError 16165->16166 16167 7ff78ec665d0 16166->16167 16168 7ff78ec665dc 16167->16168 16169 7ff78ec665fd FormatMessageW 16168->16169 16170 7ff78ec665f7 GetLastError 16168->16170 16171 7ff78ec6664c WideCharToMultiByte 16169->16171 16172 7ff78ec66630 16169->16172 16170->16169 16174 7ff78ec66686 16171->16174 16175 7ff78ec66643 16171->16175 16173 7ff78ec61cb0 83 API calls 16172->16173 16173->16175 16176 7ff78ec61cb0 83 API calls 16174->16176 16177 7ff78ec6a040 _wfindfirst32i64 8 API calls 16175->16177 16176->16175 16178 7ff78ec61ce4 16177->16178 16179 7ff78ec61be0 16178->16179 16180 7ff78ec61d00 86 API calls 16179->16180 16181 7ff78ec61c02 16180->16181 16181->15834 16183 7ff78ec73a7a 16182->16183 16184 7ff78ec73a9f 16183->16184 16186 7ff78ec73adb 16183->16186 16185 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16184->16185 16188 7ff78ec73ac9 16185->16188 16219 7ff78ec714e8 16186->16219 16189 7ff78ec6a040 _wfindfirst32i64 8 API calls 16188->16189 16191 7ff78ec61d58 16189->16191 16190 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16190->16188 16200 7ff78ec66b50 MultiByteToWideChar 16191->16200 16193 7ff78ec73bdc 16194 7ff78ec73bb8 16193->16194 16196 7ff78ec73be6 16193->16196 16194->16190 16195 7ff78ec73b84 16195->16194 16199 7ff78ec73b8d 16195->16199 16198 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16196->16198 16197 
7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16197->16188 16198->16188 16199->16197 16201 7ff78ec66b99 16200->16201 16202 7ff78ec66bb3 16200->16202 16203 7ff78ec61cb0 82 API calls 16201->16203 16204 7ff78ec66bc9 16202->16204 16205 7ff78ec66be3 MultiByteToWideChar 16202->16205 16214 7ff78ec66bac __vcrt_freefls 16203->16214 16208 7ff78ec61cb0 82 API calls 16204->16208 16206 7ff78ec66c06 16205->16206 16207 7ff78ec66c20 WideCharToMultiByte 16205->16207 16209 7ff78ec61cb0 82 API calls 16206->16209 16210 7ff78ec66c4d 16207->16210 16211 7ff78ec66c56 16207->16211 16208->16214 16209->16214 16213 7ff78ec61cb0 82 API calls 16210->16213 16211->16210 16212 7ff78ec66c7b WideCharToMultiByte 16211->16212 16212->16210 16212->16214 16213->16214 16214->16162 16216 7ff78ec61bb6 16215->16216 16442 7ff78ec738fc 16216->16442 16218 7ff78ec61bcc 16218->16165 16220 7ff78ec7151f 16219->16220 16221 7ff78ec7150f 16219->16221 16222 7ff78ec71525 16220->16222 16229 7ff78ec71555 16220->16229 16225 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16221->16225 16223 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16222->16223 16224 7ff78ec7154d 16223->16224 16224->16193 16224->16194 16224->16195 16224->16199 16225->16224 16227 7ff78ec7180e 16231 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16227->16231 16229->16221 16229->16224 16229->16227 16233 7ff78ec72418 16229->16233 16258 7ff78ec71cb4 16229->16258 16287 7ff78ec7103c 16229->16287 16290 7ff78ec735d0 16229->16290 16231->16221 16234 7ff78ec7245e 16233->16234 16235 7ff78ec724bb 16233->16235 16236 7ff78ec7251e 16234->16236 16249 7ff78ec72464 16234->16249 16237 7ff78ec7252b 16235->16237 16238 7ff78ec724bf 16235->16238 16318 7ff78ec6ffd8 16236->16318 16325 7ff78ec72d34 16237->16325 16238->16236 16242 7ff78ec72517 16238->16242 16243 7ff78ec724c7 16238->16243 16241 7ff78ec72496 16245 7ff78ec72534 16241->16245 16296 7ff78ec731e0 16241->16296 16314 7ff78ec73368 16242->16314 16247 7ff78ec724cb 16243->16247 16248 
7ff78ec724f7 16243->16248 16251 7ff78ec6a040 _wfindfirst32i64 8 API calls 16245->16251 16247->16236 16254 7ff78ec724b1 16247->16254 16256 7ff78ec724a5 16247->16256 16307 7ff78ec6fc04 16248->16307 16249->16237 16249->16241 16249->16245 16253 7ff78ec7248a 16249->16253 16249->16254 16249->16256 16252 7ff78ec727c6 16251->16252 16252->16229 16253->16237 16253->16241 16253->16256 16254->16245 16300 7ff78ec703ac 16254->16300 16256->16245 16335 7ff78ec7def0 16256->16335 16259 7ff78ec71cd5 16258->16259 16260 7ff78ec71cbf 16258->16260 16261 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16259->16261 16268 7ff78ec71d13 16259->16268 16262 7ff78ec7245e 16260->16262 16263 7ff78ec724bb 16260->16263 16260->16268 16261->16268 16264 7ff78ec7251e 16262->16264 16277 7ff78ec72464 16262->16277 16265 7ff78ec7252b 16263->16265 16266 7ff78ec724bf 16263->16266 16269 7ff78ec6ffd8 38 API calls 16264->16269 16267 7ff78ec72d34 47 API calls 16265->16267 16266->16264 16271 7ff78ec72517 16266->16271 16272 7ff78ec724c7 16266->16272 16285 7ff78ec724a5 16267->16285 16268->16229 16269->16285 16270 7ff78ec72496 16273 7ff78ec731e0 47 API calls 16270->16273 16286 7ff78ec72534 16270->16286 16274 7ff78ec73368 37 API calls 16271->16274 16275 7ff78ec724cb 16272->16275 16276 7ff78ec724f7 16272->16276 16273->16285 16274->16285 16275->16264 16283 7ff78ec724b1 16275->16283 16275->16285 16279 7ff78ec6fc04 38 API calls 16276->16279 16277->16265 16277->16270 16281 7ff78ec7248a 16277->16281 16277->16283 16277->16285 16277->16286 16278 7ff78ec6a040 _wfindfirst32i64 8 API calls 16280 7ff78ec727c6 16278->16280 16279->16285 16280->16229 16281->16265 16281->16270 16281->16285 16282 7ff78ec703ac 38 API calls 16282->16285 16283->16282 16283->16286 16284 7ff78ec7def0 47 API calls 16284->16285 16285->16284 16285->16286 16286->16278 16417 7ff78ec6f1fc 16287->16417 16291 7ff78ec735e7 16290->16291 16434 7ff78ec7d034 16291->16434 16297 7ff78ec731f4 16296->16297 16298 7ff78ec73253 16296->16298 16297->16298 16299 7ff78ec7def0 
47 API calls 16297->16299 16298->16256 16299->16298 16301 7ff78ec703d2 16300->16301 16302 7ff78ec703fc 16301->16302 16304 7ff78ec704b3 16301->16304 16306 7ff78ec70438 16302->16306 16345 7ff78ec6f068 16302->16345 16305 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16304->16305 16305->16306 16306->16256 16308 7ff78ec6fc2a 16307->16308 16309 7ff78ec6fc54 16308->16309 16311 7ff78ec6fd0b 16308->16311 16310 7ff78ec6f068 12 API calls 16309->16310 16313 7ff78ec6fc90 16309->16313 16310->16313 16312 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16311->16312 16312->16313 16313->16256 16317 7ff78ec73387 16314->16317 16315 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16316 7ff78ec733b8 16315->16316 16316->16256 16317->16315 16317->16316 16319 7ff78ec6fffe 16318->16319 16320 7ff78ec70028 16319->16320 16322 7ff78ec700df 16319->16322 16321 7ff78ec6f068 12 API calls 16320->16321 16324 7ff78ec70064 16320->16324 16321->16324 16323 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16322->16323 16323->16324 16324->16256 16326 7ff78ec72d56 16325->16326 16327 7ff78ec6f068 12 API calls 16326->16327 16328 7ff78ec72da0 16327->16328 16353 7ff78ec7dc08 16328->16353 16331 7ff78ec72e8c 16333 7ff78ec735d0 45 API calls 16331->16333 16334 7ff78ec72f15 16331->16334 16332 7ff78ec735d0 45 API calls 16332->16331 16333->16334 16334->16256 16336 7ff78ec7df18 16335->16336 16337 7ff78ec735d0 45 API calls 16336->16337 16338 7ff78ec7df5d 16336->16338 16342 7ff78ec7df1d memcpy_s 16336->16342 16344 7ff78ec7df46 memcpy_s 16336->16344 16337->16338 16340 7ff78ec7f4a4 WideCharToMultiByte 16338->16340 16338->16342 16338->16344 16339 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16339->16342 16341 7ff78ec7e039 16340->16341 16341->16342 16343 7ff78ec7e04e GetLastError 16341->16343 16342->16256 16343->16342 16343->16344 16344->16339 16344->16342 16346 7ff78ec6f09f 16345->16346 16352 7ff78ec6f08e 16345->16352 16347 7ff78ec7cfa0 _fread_nolock 12 API calls 16346->16347 16346->16352 16348 
7ff78ec6f0cc 16347->16348 16349 7ff78ec6f0e0 16348->16349 16350 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16348->16350 16351 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16349->16351 16350->16349 16351->16352 16352->16306 16354 7ff78ec7dc58 16353->16354 16355 7ff78ec7dc25 16353->16355 16354->16355 16357 7ff78ec7dc8a 16354->16357 16356 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16355->16356 16365 7ff78ec72e6a 16356->16365 16358 7ff78ec7dd9d 16357->16358 16368 7ff78ec7dcd2 16357->16368 16359 7ff78ec7de8f 16358->16359 16361 7ff78ec7de55 16358->16361 16363 7ff78ec7de24 16358->16363 16364 7ff78ec7dde7 16358->16364 16367 7ff78ec7dddd 16358->16367 16408 7ff78ec7d0d8 16359->16408 16401 7ff78ec7d48c 16361->16401 16394 7ff78ec7d76c 16363->16394 16384 7ff78ec7d99c 16364->16384 16365->16331 16365->16332 16367->16361 16370 7ff78ec7dde2 16367->16370 16368->16365 16375 7ff78ec7965c 16368->16375 16370->16363 16370->16364 16373 7ff78ec7a270 _wfindfirst32i64 17 API calls 16374 7ff78ec7deec 16373->16374 16376 7ff78ec79669 16375->16376 16377 7ff78ec79673 16375->16377 16376->16377 16382 7ff78ec7968e 16376->16382 16378 7ff78ec75e08 memcpy_s 11 API calls 16377->16378 16379 7ff78ec7967a 16378->16379 16380 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 16379->16380 16381 7ff78ec79686 16380->16381 16381->16365 16381->16373 16382->16381 16383 7ff78ec75e08 memcpy_s 11 API calls 16382->16383 16383->16379 16385 7ff78ec831cc 38 API calls 16384->16385 16386 7ff78ec7d9e9 16385->16386 16387 7ff78ec82bb8 37 API calls 16386->16387 16388 7ff78ec7da44 16387->16388 16389 7ff78ec7da99 16388->16389 16391 7ff78ec7da64 16388->16391 16393 7ff78ec7da48 16388->16393 16390 7ff78ec7d588 45 API calls 16389->16390 16390->16393 16392 7ff78ec7d844 45 API calls 16391->16392 16392->16393 16393->16365 16395 7ff78ec831cc 38 API calls 16394->16395 16396 7ff78ec7d7b6 16395->16396 16397 7ff78ec82bb8 37 API calls 16396->16397 16398 7ff78ec7d806 
16397->16398 16399 7ff78ec7d80a 16398->16399 16400 7ff78ec7d844 45 API calls 16398->16400 16399->16365 16400->16399 16402 7ff78ec831cc 38 API calls 16401->16402 16403 7ff78ec7d4d7 16402->16403 16404 7ff78ec82bb8 37 API calls 16403->16404 16405 7ff78ec7d52f 16404->16405 16406 7ff78ec7d533 16405->16406 16407 7ff78ec7d588 45 API calls 16405->16407 16406->16365 16407->16406 16409 7ff78ec7d11d 16408->16409 16410 7ff78ec7d150 16408->16410 16413 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16409->16413 16411 7ff78ec7d16b 16410->16411 16412 7ff78ec7d1ef 16410->16412 16414 7ff78ec7d48c 46 API calls 16411->16414 16415 7ff78ec735d0 45 API calls 16412->16415 16416 7ff78ec7d149 memcpy_s 16412->16416 16413->16416 16414->16416 16415->16416 16416->16365 16418 7ff78ec6f23c 16417->16418 16419 7ff78ec6f22a 16417->16419 16422 7ff78ec6f249 16418->16422 16425 7ff78ec6f286 16418->16425 16420 7ff78ec75e08 memcpy_s 11 API calls 16419->16420 16421 7ff78ec6f22f 16420->16421 16423 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 16421->16423 16424 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16422->16424 16433 7ff78ec6f23a 16423->16433 16424->16433 16426 7ff78ec75e08 memcpy_s 11 API calls 16425->16426 16427 7ff78ec6f332 16425->16427 16428 7ff78ec6f327 16426->16428 16429 7ff78ec75e08 memcpy_s 11 API calls 16427->16429 16427->16433 16430 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 16428->16430 16431 7ff78ec6f3df 16429->16431 16430->16427 16432 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 16431->16432 16432->16433 16433->16229 16435 7ff78ec7d04d 16434->16435 16436 7ff78ec7360f 16434->16436 16435->16436 16437 7ff78ec827b8 45 API calls 16435->16437 16438 7ff78ec7d0a0 16436->16438 16437->16436 16439 7ff78ec7d0b9 16438->16439 16440 7ff78ec7361f 16438->16440 16439->16440 16441 7ff78ec81b40 45 API calls 16439->16441 16440->16229 16441->16440 16443 7ff78ec73926 16442->16443 16444 7ff78ec7395e 16443->16444 16445 7ff78ec73991 16443->16445 16446 7ff78ec7a180 
_invalid_parameter_noinfo 37 API calls 16444->16446 16449 7ff78ec6f028 16445->16449 16448 7ff78ec73987 16446->16448 16448->16218 16456 7ff78ec7412c EnterCriticalSection 16449->16456 16464 7ff78ec7412c EnterCriticalSection 16457->16464 16466 7ff78ec61d00 86 API calls 16465->16466 16467 7ff78ec61c37 16466->16467 16470 7ff78ec74280 16467->16470 16471 7ff78ec742ab 16470->16471 16474 7ff78ec74144 16471->16474 16487 7ff78ec76ad0 EnterCriticalSection 16474->16487 16489 7ff78ec62cbc GetModuleFileNameW 16488->16489 16489->15849 16489->15850 16491 7ff78ec66e44 WideCharToMultiByte 16490->16491 16492 7ff78ec66eb2 WideCharToMultiByte 16490->16492 16495 7ff78ec66e6e 16491->16495 16496 7ff78ec66e85 16491->16496 16493 7ff78ec62d15 16492->16493 16494 7ff78ec66edf 16492->16494 16493->15854 16493->15855 16497 7ff78ec61cb0 86 API calls 16494->16497 16498 7ff78ec61cb0 86 API calls 16495->16498 16496->16492 16499 7ff78ec66e9b 16496->16499 16497->16493 16498->16493 16500 7ff78ec61cb0 86 API calls 16499->16500 16500->16493 16502 7ff78ec795d3 16501->16502 16505 7ff78ec65b2e 16501->16505 16503 7ff78ec7965c __std_exception_copy 37 API calls 16502->16503 16502->16505 16504 7ff78ec79600 16503->16504 16504->16505 16506 7ff78ec7a270 _wfindfirst32i64 17 API calls 16504->16506 16505->15874 16507 7ff78ec79630 16506->16507 16509 7ff78ec617d4 16508->16509 16510 7ff78ec617e4 16508->16510 16511 7ff78ec62dc0 120 API calls 16509->16511 16512 7ff78ec662c0 83 API calls 16510->16512 16541 7ff78ec61842 16510->16541 16511->16510 16513 7ff78ec61815 16512->16513 16513->16541 16542 7ff78ec6eb90 16513->16542 16515 7ff78ec6a040 _wfindfirst32i64 8 API calls 16517 7ff78ec619c0 16515->16517 16516 7ff78ec6182b 16518 7ff78ec6184c 16516->16518 16519 7ff78ec6182f 16516->16519 16517->15889 16517->15890 16546 7ff78ec6e878 16518->16546 16520 7ff78ec61c10 86 API calls 16519->16520 16520->16541 16523 7ff78ec61867 16525 7ff78ec61c10 86 API calls 16523->16525 16524 7ff78ec6eb90 73 API calls 16526 7ff78ec618d1 16524->16526 
16525->16541 16527 7ff78ec618fe 16526->16527 16528 7ff78ec618e3 16526->16528 16530 7ff78ec6e878 _fread_nolock 53 API calls 16527->16530 16529 7ff78ec61c10 86 API calls 16528->16529 16529->16541 16531 7ff78ec61913 16530->16531 16531->16523 16532 7ff78ec61925 16531->16532 16549 7ff78ec6e5ec 16532->16549 16535 7ff78ec6193d 16536 7ff78ec61c50 86 API calls 16535->16536 16536->16541 16537 7ff78ec61993 16539 7ff78ec6e528 74 API calls 16537->16539 16537->16541 16538 7ff78ec61950 16538->16537 16540 7ff78ec61c50 86 API calls 16538->16540 16539->16541 16540->16537 16541->16515 16543 7ff78ec6ebc0 16542->16543 16555 7ff78ec6e940 16543->16555 16545 7ff78ec6ebd9 16545->16516 16567 7ff78ec6e898 16546->16567 16550 7ff78ec6e5f5 16549->16550 16551 7ff78ec61939 16549->16551 16552 7ff78ec75e08 memcpy_s 11 API calls 16550->16552 16551->16535 16551->16538 16553 7ff78ec6e5fa 16552->16553 16554 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 16553->16554 16554->16551 16556 7ff78ec6e9aa 16555->16556 16557 7ff78ec6e96a 16555->16557 16556->16557 16559 7ff78ec6e9af 16556->16559 16558 7ff78ec7a180 _invalid_parameter_noinfo 37 API calls 16557->16558 16565 7ff78ec6e991 16558->16565 16566 7ff78ec7412c EnterCriticalSection 16559->16566 16565->16545 16568 7ff78ec61861 16567->16568 16569 7ff78ec6e8c2 16567->16569 16568->16523 16568->16524 16569->16568 16570 7ff78ec6e90e 16569->16570 16571 7ff78ec6e8d1 memcpy_s 16569->16571 16580 7ff78ec7412c EnterCriticalSection 16570->16580 16574 7ff78ec75e08 memcpy_s 11 API calls 16571->16574 16576 7ff78ec6e8e6 16574->16576 16578 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 16576->16578 16578->16568 16673 7ff78ec65840 16581->16673 16583 7ff78ec61454 16584 7ff78ec61459 16583->16584 16682 7ff78ec65b60 16583->16682 16584->15916 16587 7ff78ec614a7 16589 7ff78ec614e0 16587->16589 16592 7ff78ec62dc0 120 API calls 16587->16592 16588 7ff78ec61487 16590 7ff78ec61c10 86 API calls 16588->16590 16593 7ff78ec6eb90 73 API calls 16589->16593 16591 7ff78ec6149d 
7ff78ec882a1 18654->18655 18656 7ff78ec88284 18654->18656 18664 7ff78ec7e51c 18655->18664 18656->18658 18660 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18656->18660 18658->18643 18658->18649 18660->18658 18661 7ff78ec882e0 18661->18643 18663 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18661->18663 18662 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18662->18661 18663->18643 18665 7ff78ec7e2c0 __crtLCMapStringW 5 API calls 18664->18665 18666 7ff78ec7e55a 18665->18666 18667 7ff78ec7e562 18666->18667 18668 7ff78ec7e784 __crtLCMapStringW 5 API calls 18666->18668 18667->18661 18667->18662 18669 7ff78ec7e5cb CompareStringW 18668->18669 18669->18667 18671 7ff78ec86f6a HeapSize 18670->18671 18672 7ff78ec86f51 18670->18672 18673 7ff78ec75e08 memcpy_s 11 API calls 18672->18673 18674 7ff78ec86f56 18673->18674 18675 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 18674->18675 18676 7ff78ec86f61 18675->18676 18676->18507 18678 7ff78ec7fd6b 18677->18678 18679 7ff78ec7fd61 18677->18679 18681 7ff78ec7fd70 18678->18681 18687 7ff78ec7fd77 memcpy_s 18678->18687 18680 7ff78ec7cfa0 _fread_nolock 12 API calls 18679->18680 18685 7ff78ec7fd69 18680->18685 18682 7ff78ec7a2b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18681->18682 18682->18685 18683 7ff78ec7fd7d 18686 7ff78ec75e08 memcpy_s 11 API calls 18683->18686 18684 7ff78ec7fdaa HeapReAlloc 18684->18685 18684->18687 18685->18509 18686->18685 18687->18683 18687->18684 18688 7ff78ec82a40 memcpy_s 2 API calls 18687->18688 18688->18687 18691 7ff78ec87ef1 __crtLCMapStringW 18689->18691 18690 7ff78ec8640a 18690->18557 18690->18558 18691->18690 18692 7ff78ec7e51c 6 API calls 18691->18692 18692->18690 19530 7ff78ec89655 19533 7ff78ec74138 LeaveCriticalSection 19530->19533 18760 7ff78ec7ecc0 18761 7ff78ec7eea8 18760->18761 18763 7ff78ec7ed03 _isindst 18760->18763 18762 7ff78ec75e08 memcpy_s 11 API calls 18761->18762 18780 
7ff78ec7ee9a 18762->18780 18763->18761 18766 7ff78ec7ed7f _isindst 18763->18766 18764 7ff78ec6a040 _wfindfirst32i64 8 API calls 18765 7ff78ec7eec3 18764->18765 18781 7ff78ec8535c 18766->18781 18771 7ff78ec7eed4 18773 7ff78ec7a270 _wfindfirst32i64 17 API calls 18771->18773 18775 7ff78ec7eee8 18773->18775 18778 7ff78ec7eddc 18778->18780 18805 7ff78ec8539c 18778->18805 18780->18764 18782 7ff78ec8536a 18781->18782 18786 7ff78ec7ed9d 18781->18786 18812 7ff78ec7fb48 EnterCriticalSection 18782->18812 18787 7ff78ec84768 18786->18787 18788 7ff78ec7edb2 18787->18788 18789 7ff78ec84771 18787->18789 18788->18771 18793 7ff78ec84798 18788->18793 18790 7ff78ec75e08 memcpy_s 11 API calls 18789->18790 18791 7ff78ec84776 18790->18791 18792 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 18791->18792 18792->18788 18794 7ff78ec7edc3 18793->18794 18795 7ff78ec847a1 18793->18795 18794->18771 18799 7ff78ec847c8 18794->18799 18796 7ff78ec75e08 memcpy_s 11 API calls 18795->18796 18797 7ff78ec847a6 18796->18797 18798 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 18797->18798 18798->18794 18800 7ff78ec7edd4 18799->18800 18801 7ff78ec847d1 18799->18801 18800->18771 18800->18778 18802 7ff78ec75e08 memcpy_s 11 API calls 18801->18802 18803 7ff78ec847d6 18802->18803 18804 7ff78ec7a250 _invalid_parameter_noinfo 37 API calls 18803->18804 18804->18800 18813 7ff78ec7fb48 EnterCriticalSection 18805->18813

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC84DC8(void* __eflags, void* __rax, signed short* __rcx, char _a16, char _a24) {
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				intOrPtr _t23;
                                                                                                                                                              				void* _t29;
                                                                                                                                                              				signed short* _t31;
                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                              				signed long long _t42;
                                                                                                                                                              
                                                                                                                                                              				_t29 = __rax;
                                                                                                                                                              				E00007FF77FF78EC84760(E00007FF77FF78EC84758(_t10));
                                                                                                                                                              				r12d = 0;
                                                                                                                                                              				_a16 = r12d;
                                                                                                                                                              				_a24 = r12d;
                                                                                                                                                              				if (E00007FF77FF78EC847C8(_t29,  &_a16) != 0) goto 0x8ec8502d;
                                                                                                                                                              				if (E00007FF77FF78EC84768(_t29,  &_a24) != 0) goto 0x8ec8502d;
                                                                                                                                                              				_t36 =  *0x8ecad2b0; // 0x0
                                                                                                                                                              				_t23 = _t36;
                                                                                                                                                              				if (_t23 == 0) goto 0x8ec84e46;
                                                                                                                                                              				r8d =  *(__rcx + _t36 - __rcx) & 0x0000ffff;
                                                                                                                                                              				if (_t23 != 0) goto 0x8ec84e42;
                                                                                                                                                              				_t31 =  &(__rcx[1]);
                                                                                                                                                              				if (r8d != 0) goto 0x8ec84e2c;
                                                                                                                                                              				if (( *__rcx & 0x0000ffff) - r8d == 0) goto 0x8ec84e73;
                                                                                                                                                              				_t39 = (_t42 | 0xffffffff) + 1;
                                                                                                                                                              				if (__rcx[(_t42 | 0xffffffff) + 1] != r12w) goto 0x8ec84e4d;
                                                                                                                                                              				E00007FF77FF78EC7CFA0(_t31, 2 + _t39 * 2);
                                                                                                                                                              				if (_t31 != 0) goto 0x8ec84e82;
                                                                                                                                                              				return E00007FF77FF78EC7A2B8(_t31, 2 + _t39 * 2);
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC84E0D
                                                                                                                                                                • Part of subcall function 00007FF78EC84768: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC8477C
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: RtlReleasePrivilege.NTDLL(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2CE
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: GetLastError.KERNEL32(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2D8
                                                                                                                                                                • Part of subcall function 00007FF78EC7A270: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF78EC7A24E,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7A279
                                                                                                                                                                • Part of subcall function 00007FF78EC7A270: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF78EC7A24E,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7A29E
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC84DFC
                                                                                                                                                                • Part of subcall function 00007FF78EC847C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC847DC
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85072
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85083
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85094
                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF78EC852D4), ref: 00007FF78EC850BB
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLastPresentPrivilegeProcessProcessorReleaseTimeZone
                                                                                                                                                              • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                              • API String ID: 415722205-1154798116
                                                                                                                                                              • Opcode ID: 39f2bd43907f78d744289b85e0ff529a39e324cda87cb73a20144b89b06b98ae
                                                                                                                                                              • Instruction ID: 5535eb9061149e0e3922831b8618c00c0c2a8b2eb683e7496a05aaa4b4f9b4ff
                                                                                                                                                              • Opcode Fuzzy Hash: 39f2bd43907f78d744289b85e0ff529a39e324cda87cb73a20144b89b06b98ae
                                                                                                                                                              • Instruction Fuzzy Hash: 8DD1D226E0826286E720FFA6DA405B9E761FF44784FE18139EA4D47795EF3CE841C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00007FF77FF78EC658A0(void* __ecx, void* __edx, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, void* __r8, void* __r9, intOrPtr _a8, char _a16, long long _a24, long long _a32, char _a56, signed int _a8248, void* _a8264) {
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* _t17;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              				void* _t51;
                                                                                                                                                              				void* _t61;
                                                                                                                                                              				signed long long _t73;
                                                                                                                                                              				signed long long _t74;
                                                                                                                                                              				intOrPtr _t123;
                                                                                                                                                              				void* _t125;
                                                                                                                                                              				void* _t127;
                                                                                                                                                              				void* _t132;
                                                                                                                                                              				void* _t133;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              				void* _t136;
                                                                                                                                                              
                                                                                                                                                              				_t132 = __r9;
                                                                                                                                                              				_t75 = __rbx;
                                                                                                                                                              				_t51 = __ecx;
                                                                                                                                                              				_a24 = __rbx;
                                                                                                                                                              				_a32 = __rbp;
                                                                                                                                                              				E00007FF77FF78EC6A070(0x2060, __rax, _t133, _t134);
                                                                                                                                                              				_t128 = _t127 - __rax;
                                                                                                                                                              				_t73 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t74 = _t73 ^ _t127 - __rax;
                                                                                                                                                              				_a8248 = _t74;
                                                                                                                                                              				_t125 = __rdx;
                                                                                                                                                              				_t136 = __rcx;
                                                                                                                                                              				if (__rdx == 0) goto 0x8ec6592b;
                                                                                                                                                              				E00007FF77FF78EC65AB0(_t74, "TMP");
                                                                                                                                                              				E00007FF77FF78EC655A0(_t74, __rbx, _t125, __r8);
                                                                                                                                                              				if (_t74 == 0) goto 0x8ec659ff;
                                                                                                                                                              				_t17 = E00007FF77FF78EC76598(_t51, _t74, L"TMP", _t74);
                                                                                                                                                              				_t18 = E00007FF77FF78EC73ED8(_t51, _t74, _t74, __r8);
                                                                                                                                                              				if (_t17 == 0) goto 0x8ec65930;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t18, _t74, "LOADER: Failed to set the TMP environment variable.\n", _t74, __r8, _t132);
                                                                                                                                                              				goto 0x8ec65a88;
                                                                                                                                                              				_t123 = _a8;
                                                                                                                                                              				GetTempPathW(??, ??);
                                                                                                                                                              				r9d = GetCurrentProcessId();
                                                                                                                                                              				_t131 = L"_MEI%d";
                                                                                                                                                              				E00007FF77FF78EC66570(_t74,  &_a16,  &_a56, L"_MEI%d", _t132);
                                                                                                                                                              				E00007FF77FF78EC7782C(_t132);
                                                                                                                                                              				_t25 = E00007FF77FF78EC669C0(_t74, _t75, _t74); // executed
                                                                                                                                                              				if (_t25 == 0) goto 0x8ec65a06;
                                                                                                                                                              				E00007FF77FF78EC73ED8(0x1000, _t74,  &_a16, L"_MEI%d");
                                                                                                                                                              				if (1 - 5 < 0) goto 0x8ec65960;
                                                                                                                                                              				if (_t125 == 0) goto 0x8ec659ff;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC66D10(_t74, _t75, _t74, "TMP", _t123, L"_MEI%d");
                                                                                                                                                              				if (_t123 == 0) goto 0x8ec659e9;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t120 = _t74;
                                                                                                                                                              				E00007FF77FF78EC66D10(_t74, _t75, _t74, _t123, _t123, L"_MEI%d");
                                                                                                                                                              				E00007FF77FF78EC76598(0, _t74, _t74, _t74);
                                                                                                                                                              				E00007FF77FF78EC73ED8(0, _t74, _t74, L"_MEI%d");
                                                                                                                                                              				E00007FF77FF78EC73ED8(0, _t74, _t74, L"_MEI%d");
                                                                                                                                                              				E00007FF77FF78EC73ED8(0, _t123, _t74, L"_MEI%d");
                                                                                                                                                              				goto 0x8ec65a88;
                                                                                                                                                              				SetEnvironmentVariableW(??, ??);
                                                                                                                                                              				E00007FF77FF78EC73ED8(0, _t74, _t74, _t131);
                                                                                                                                                              				goto 0x8ec65a88;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				E00007FF77FF78EC66E20(_t61, _t74, _t136, _t74, _t123, _t125, _t131);
                                                                                                                                                              				E00007FF77FF78EC73ED8(0, _t74, _t120, _t131);
                                                                                                                                                              				if (_t125 == 0) goto 0x8ec65a83;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC66D10(_t74, _t74, _t120, "TMP", _t123, _t131);
                                                                                                                                                              				if (_t123 == 0) goto 0x8ec65a6d;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC66D10(_t74, _t74, _t120, _t123, _t123, _t131);
                                                                                                                                                              				E00007FF77FF78EC76598(0, _t74, _t74, _t74);
                                                                                                                                                              				E00007FF77FF78EC73ED8(0, _t74, _t74, _t131);
                                                                                                                                                              				E00007FF77FF78EC73ED8(0, _t74, _t74, _t131);
                                                                                                                                                              				goto 0x8ec65a7e;
                                                                                                                                                              				SetEnvironmentVariableW(??, ??);
                                                                                                                                                              				E00007FF77FF78EC73ED8(0, _t74, _t74, _t131);
                                                                                                                                                              				return E00007FF77FF78EC6A040(1, 0, _a8248 ^ _t128);
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • GetTempPathW.KERNEL32(?,00000000,?,00007FF78EC6586D), ref: 00007FF78EC6593A
                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00007FF78EC6586D), ref: 00007FF78EC65940
                                                                                                                                                                • Part of subcall function 00007FF78EC65AB0: GetEnvironmentVariableW.KERNEL32(00007FF78EC627F7,?,?,?,?,?,?), ref: 00007FF78EC65AEA
                                                                                                                                                                • Part of subcall function 00007FF78EC65AB0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC65B07
                                                                                                                                                                • Part of subcall function 00007FF78EC76598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC765B1
                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF78EC659F1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                                                                                                              • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                              • API String ID: 1556224225-1116378104
                                                                                                                                                              • Opcode ID: d6510417227f0aa9d0d6e9c002bbc8685d3d0d2cd9d64535cbe5f3316e9f2d31
                                                                                                                                                              • Instruction ID: a6489672910f9cb5008ed841670378bd11940e1cbe6aeaec8f82d0bfd05733f7
                                                                                                                                                              • Opcode Fuzzy Hash: d6510417227f0aa9d0d6e9c002bbc8685d3d0d2cd9d64535cbe5f3316e9f2d31
                                                                                                                                                              • Instruction Fuzzy Hash: 2E517D11F1965254FA55B7A6E9562BAD2417F49BC0FF44439EC0E477A6EF3CE402C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                              			E00007FF77FF78EC7B3DC(signed int __ecx, void* __esi, signed int* __rax, void* __rcx, long long __rdx, long long __r8, char _a8, long long _a16, intOrPtr _a32) {
                                                                                                                                                              				signed int* _v72;
                                                                                                                                                              				char _v80;
                                                                                                                                                              				signed int _v88;
                                                                                                                                                              				signed int* _v96;
                                                                                                                                                              				void* _v104;
                                                                                                                                                              				signed int _v120;
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				signed char _t127;
                                                                                                                                                              				signed int _t141;
                                                                                                                                                              				int _t150;
                                                                                                                                                              				void* _t151;
                                                                                                                                                              				void* _t155;
                                                                                                                                                              				char _t169;
                                                                                                                                                              				char _t170;
                                                                                                                                                              				signed int _t174;
                                                                                                                                                              				void* _t192;
                                                                                                                                                              				void* _t193;
                                                                                                                                                              				void* _t194;
                                                                                                                                                              				unsigned int _t196;
                                                                                                                                                              				void* _t199;
                                                                                                                                                              				long long _t204;
                                                                                                                                                              				signed int* _t240;
                                                                                                                                                              				signed long long _t247;
                                                                                                                                                              				signed short* _t251;
                                                                                                                                                              				signed int* _t253;
                                                                                                                                                              				void* _t254;
                                                                                                                                                              				signed int* _t255;
                                                                                                                                                              				intOrPtr _t264;
                                                                                                                                                              				intOrPtr _t265;
                                                                                                                                                              				signed long long _t271;
                                                                                                                                                              				long long _t282;
                                                                                                                                                              				unsigned long long _t283;
                                                                                                                                                              				signed short* _t285;
                                                                                                                                                              				signed long long _t288;
                                                                                                                                                              				signed long long _t289;
                                                                                                                                                              				signed short* _t293;
                                                                                                                                                              				signed short* _t295;
                                                                                                                                                              				unsigned long long _t297;
                                                                                                                                                              				signed long long _t298;
                                                                                                                                                              				signed int* _t300;
                                                                                                                                                              				char* _t301;
                                                                                                                                                              				char* _t302;
                                                                                                                                                              
                                                                                                                                                              				_t282 = __r8;
                                                                                                                                                              				_a16 = __rdx;
                                                                                                                                                              				r13d = r8d;
                                                                                                                                                              				if (r12d != 0xfffffffe) goto 0x8ec7b417;
                                                                                                                                                              				E00007FF77FF78EC75DE8(__rax);
                                                                                                                                                              				 *__rax =  *__rax & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 9;
                                                                                                                                                              				goto 0x8ec7b813;
                                                                                                                                                              				if (__ecx < 0) goto 0x8ec7b7fb;
                                                                                                                                                              				_t199 = r12d -  *0x8ecace50; // 0x40
                                                                                                                                                              				if (_t199 >= 0) goto 0x8ec7b7fb;
                                                                                                                                                              				r8d = 1;
                                                                                                                                                              				_v80 = __r8;
                                                                                                                                                              				_t288 = __ecx >> 6;
                                                                                                                                                              				_v88 = _t288;
                                                                                                                                                              				_t298 = __ecx + __ecx * 8;
                                                                                                                                                              				_t264 =  *((intOrPtr*)(0x8ecaca50 + _t288 * 8));
                                                                                                                                                              				if ((r8b &  *(_t264 + 0x38 + _t298 * 8)) == 0) goto 0x8ec7b7fb;
                                                                                                                                                              				if (r13d - 0x7fffffff <= 0) goto 0x8ec7b487;
                                                                                                                                                              				E00007FF77FF78EC75DE8(__ecx);
                                                                                                                                                              				 *__ecx =  *__ecx & 0x00000000;
                                                                                                                                                              				_t127 = E00007FF77FF78EC75E08(__ecx);
                                                                                                                                                              				 *__ecx = 0x16;
                                                                                                                                                              				goto 0x8ec7b80e;
                                                                                                                                                              				if (r13d == 0) goto 0x8ec7b7f7;
                                                                                                                                                              				if ((_t127 & 0x00000002) != 0) goto 0x8ec7b7f7;
                                                                                                                                                              				_t204 = __rdx;
                                                                                                                                                              				if (_t204 == 0) goto 0x8ec7b46f;
                                                                                                                                                              				r11d =  *((char*)(_t264 + 0x39 + _t298 * 8));
                                                                                                                                                              				_t240 =  *((intOrPtr*)(_t264 + 0x28 + _t298 * 8));
                                                                                                                                                              				_v96 = _t240;
                                                                                                                                                              				_a8 = r11b;
                                                                                                                                                              				_t23 = _t254 + 4; // 0x4
                                                                                                                                                              				r15d = _t23;
                                                                                                                                                              				if (_t204 == 0) goto 0x8ec7b4f6;
                                                                                                                                                              				if (r11d - r8d != r8d) goto 0x8ec7b4ee;
                                                                                                                                                              				if ((r8b &  !r13d) != 0) goto 0x8ec7b4ee;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t240);
                                                                                                                                                              				 *_t240 =  *_t240 & 0;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t240);
                                                                                                                                                              				 *_t240 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec7b685;
                                                                                                                                                              				goto 0x8ec7b575;
                                                                                                                                                              				if ((r8b &  !r13d) == 0) goto 0x8ec7b4d2;
                                                                                                                                                              				_t192 =  <  ? r15d : r13d >> 1;
                                                                                                                                                              				E00007FF77FF78EC7CFA0(_t240, __rcx);
                                                                                                                                                              				_t255 = _t240;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t240, __rcx);
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t240, __rcx);
                                                                                                                                                              				_t300 = _t255;
                                                                                                                                                              				if (_t255 != 0) goto 0x8ec7b547;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t240);
                                                                                                                                                              				 *_t240 = 0xc;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t240);
                                                                                                                                                              				 *_t240 = 8;
                                                                                                                                                              				goto 0x8ec7b685;
                                                                                                                                                              				_t28 = _t264 + 1; // 0x1
                                                                                                                                                              				r8d = _t28;
                                                                                                                                                              				E00007FF77FF78EC7BC0C(_t240, _t255, 0x8ecaca50);
                                                                                                                                                              				_t289 = _v88;
                                                                                                                                                              				r8d = 1;
                                                                                                                                                              				r11b = _a8;
                                                                                                                                                              				 *( *((intOrPtr*)(0x8ecaca50 + _t289 * 8)) + 0x30 + _t298 * 8) = _t240;
                                                                                                                                                              				_t265 =  *((intOrPtr*)(0x8ecaca50 + _t289 * 8));
                                                                                                                                                              				_v72 = _t300;
                                                                                                                                                              				r10d = 0x7ff78ecaca5a;
                                                                                                                                                              				if (( *(_t265 + 0x38 + _t298 * 8) & 0x00000048) == 0) goto 0x8ec7b60d;
                                                                                                                                                              				_t141 =  *((intOrPtr*)(_t265 + 0x3a + _t298 * 8));
                                                                                                                                                              				if (_t141 == r10b) goto 0x8ec7b60d;
                                                                                                                                                              				if (_t192 == 0) goto 0x8ec7b60d;
                                                                                                                                                              				 *_t300 = _t141;
                                                                                                                                                              				_t301 = _t300 + _t282;
                                                                                                                                                              				_t193 = _t192 - 1;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _t289 * 8)) + 0x3a + _t298 * 8)) = r10b;
                                                                                                                                                              				if (r11b == 0) goto 0x8ec7b60d;
                                                                                                                                                              				_t169 =  *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _t289 * 8)) + 0x3b + _t298 * 8));
                                                                                                                                                              				if (_t169 == r10b) goto 0x8ec7b60d;
                                                                                                                                                              				if (_t193 == 0) goto 0x8ec7b60d;
                                                                                                                                                              				 *_t301 = _t169;
                                                                                                                                                              				_t302 = _t301 + _t282;
                                                                                                                                                              				_t194 = _t193 - 1;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _t289 * 8)) + 0x3b + _t298 * 8)) = r10b;
                                                                                                                                                              				if (r11b != r8b) goto 0x8ec7b60d;
                                                                                                                                                              				_t170 =  *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _t289 * 8)) + 0x3c + _t298 * 8));
                                                                                                                                                              				if (_t170 == r10b) goto 0x8ec7b60d;
                                                                                                                                                              				if (_t194 == 0) goto 0x8ec7b60d;
                                                                                                                                                              				 *_t302 = _t170;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _t289 * 8)) + 0x3c + _t298 * 8)) = r10b;
                                                                                                                                                              				if (E00007FF77FF78EC82AB0(r12d,  *((intOrPtr*)(0x8ecaca50 + _t289 * 8))) == 0) goto 0x8ec7b6a3;
                                                                                                                                                              				_t247 =  *((intOrPtr*)(0x8ecaca50 + _v88 * 8));
                                                                                                                                                              				if ( *((char*)(_t247 + 0x38 + _t298 * 8)) >= 0) goto 0x8ec7b6a3;
                                                                                                                                                              				if (GetConsoleMode(??, ??) == 0) goto 0x8ec7b6a3;
                                                                                                                                                              				if (_a8 != 2) goto 0x8ec7b6a8;
                                                                                                                                                              				_v120 = _v120 & 0x00000000;
                                                                                                                                                              				_t196 = _t194 - 1 >> 1;
                                                                                                                                                              				r8d = _t196;
                                                                                                                                                              				if (ReadConsoleW(??, ??, ??, ??, ??) != 0) goto 0x8ec7b697;
                                                                                                                                                              				E00007FF77FF78EC75D7C(GetLastError(), _t247, _v96);
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t247, _t255);
                                                                                                                                                              				goto 0x8ec7b816;
                                                                                                                                                              				goto 0x8ec7b6e4;
                                                                                                                                                              				_v80 = 0;
                                                                                                                                                              				_v120 = _v120 & 0x00000000;
                                                                                                                                                              				r8d = _t196;
                                                                                                                                                              				_t150 = ReadFile(??, ??, ??, ??, ??); // executed
                                                                                                                                                              				if (_t150 == 0) goto 0x8ec7b7c1;
                                                                                                                                                              				if (_a32 - r13d > 0) goto 0x8ec7b7c1;
                                                                                                                                                              				if ( *((char*)( *((intOrPtr*)(0x8ecaca50 + _v88 * 8)) + 0x38 + _t298 * 8)) >= 0) goto 0x8ec7b688;
                                                                                                                                                              				_t283 = 0x8ecaca50 + _t247 * 2 + _a32;
                                                                                                                                                              				if (_a8 == 2) goto 0x8ec7b72f;
                                                                                                                                                              				_t271 = _t302 + _t282;
                                                                                                                                                              				_v120 = _t297 >> 1;
                                                                                                                                                              				_t151 = E00007FF77FF78EC7AFEC(_t150, 0, r12d, __esi, _t255, _t271, _t283, _a16);
                                                                                                                                                              				goto 0x8ec7b688;
                                                                                                                                                              				if (_v80 == 0) goto 0x8ec7b7af;
                                                                                                                                                              				_t295 = _v72;
                                                                                                                                                              				_t251 = _t295;
                                                                                                                                                              				_t293 =  &(_t295[_t283 >> 1]);
                                                                                                                                                              				if (_t295 - _t293 >= 0) goto 0x8ec7b7a2;
                                                                                                                                                              				r11d = 0xa;
                                                                                                                                                              				_t174 =  *_t251 & 0x0000ffff;
                                                                                                                                                              				if (_t174 == 0x1a) goto 0x8ec7b797;
                                                                                                                                                              				if (_t174 != 0xd) goto 0x8ec7b77d;
                                                                                                                                                              				_t285 =  &(_t251[1]);
                                                                                                                                                              				if (_t285 - _t293 >= 0) goto 0x8ec7b77d;
                                                                                                                                                              				if ( *_t285 != r11w) goto 0x8ec7b77d;
                                                                                                                                                              				r8d = 4;
                                                                                                                                                              				goto 0x8ec7b783;
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				 *_t295 = r11w & 0xffffffff;
                                                                                                                                                              				if (_t251 + _t285 - _t293 < 0) goto 0x8ec7b753;
                                                                                                                                                              				goto 0x8ec7b7a2;
                                                                                                                                                              				_t253 =  *((intOrPtr*)(0x8ecaca50 + _t271 * 8));
                                                                                                                                                              				 *(_t253 + 0x38 + _t298 * 8) =  *(_t253 + 0x38 + _t298 * 8) | 0x00000002;
                                                                                                                                                              				goto 0x8ec7b688;
                                                                                                                                                              				E00007FF77FF78EC7AE14(_t151, r12d, _t196, _v72,  &(_t295[1]));
                                                                                                                                                              				goto 0x8ec7b728;
                                                                                                                                                              				if (GetLastError() != 5) goto 0x8ec7b7e7;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t253);
                                                                                                                                                              				 *_t253 = 9;
                                                                                                                                                              				_t155 = E00007FF77FF78EC75DE8(_t253);
                                                                                                                                                              				 *_t253 = 5;
                                                                                                                                                              				goto 0x8ec7b685;
                                                                                                                                                              				if (_t155 != 0x6d) goto 0x8ec7b67e;
                                                                                                                                                              				goto 0x8ec7b688;
                                                                                                                                                              				goto 0x8ec7b816;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t253);
                                                                                                                                                              				 *_t253 =  *_t253 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t253);
                                                                                                                                                              				 *_t253 = 9;
                                                                                                                                                              				return E00007FF77FF78EC7A250() | 0xffffffff;
                                                                                                                                                              			}














































                                                                                                                                                              0x7ff78ec7b825

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 718238527cc3eb11798ac025bfd5e66231c45317a7818014422ca5edc8f13228
                                                                                                                                                              • Instruction ID: 6999dd15cb5d6c4eb6b133b0692a990818259cb1cfae2c7d50163ec844ff332f
                                                                                                                                                              • Opcode Fuzzy Hash: 718238527cc3eb11798ac025bfd5e66231c45317a7818014422ca5edc8f13228
                                                                                                                                                              • Instruction Fuzzy Hash: 3AC1F362E0CA8695E764BB99C8443BDABA2FF81B80FE54131DA4E07791CF7CE454C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                              			E00007FF77FF78EC85044(void* __eflags, signed int* __rax, long long __rbx, void* __rdx, void* __r9, signed int _a8, signed int _a16, signed int _a24, long long _a32) {
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* _t21;
                                                                                                                                                              				long _t28;
                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              				void* _t38;
                                                                                                                                                              				signed int _t40;
                                                                                                                                                              				signed int _t49;
                                                                                                                                                              				intOrPtr _t59;
                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                              				signed int* _t63;
                                                                                                                                                              				long long _t69;
                                                                                                                                                              
                                                                                                                                                              				_t64 = __rbx;
                                                                                                                                                              				_t63 = __rax;
                                                                                                                                                              				_a32 = __rbx;
                                                                                                                                                              				E00007FF77FF78EC84760(E00007FF77FF78EC84758(_t21));
                                                                                                                                                              				_a8 = 0;
                                                                                                                                                              				_a16 = 0;
                                                                                                                                                              				_a24 = 0;
                                                                                                                                                              				if (E00007FF77FF78EC847C8(_t63,  &_a8) != 0) goto 0x8ec851b7;
                                                                                                                                                              				if (E00007FF77FF78EC84768(_t63,  &_a16) != 0) goto 0x8ec851b7;
                                                                                                                                                              				if (E00007FF77FF78EC84798(_t63,  &_a24) != 0) goto 0x8ec851b7;
                                                                                                                                                              				_t69 =  *0x8ecad2b0; // 0x0
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t63, _t69);
                                                                                                                                                              				 *0x8ecad2b0 = __rbx; // executed
                                                                                                                                                              				_t28 = GetTimeZoneInformation(??); // executed
                                                                                                                                                              				if (_t28 == 0xffffffff) goto 0x8ec8518c;
                                                                                                                                                              				_t49 =  *0x8ecad2d0 * 0x3c;
                                                                                                                                                              				_t8 = _t64 + 1; // 0x1
                                                                                                                                                              				_t59 =  *0x8ecad316; // 0xb
                                                                                                                                                              				r8d =  *0x8ecad324; // 0x0
                                                                                                                                                              				 *0x8ecad2c0 = _t8;
                                                                                                                                                              				_a8 = _t49;
                                                                                                                                                              				if (_t59 == 0) goto 0x8ec850f6;
                                                                                                                                                              				_a8 = r8d * 0x3c + _t49;
                                                                                                                                                              				_t60 =  *0x8ecad36a; // 0x3
                                                                                                                                                              				if (_t60 == 0) goto 0x8ec85111;
                                                                                                                                                              				_t31 =  *0x8ecad378; // 0xffffffc4
                                                                                                                                                              				if (_t31 == 0) goto 0x8ec85111;
                                                                                                                                                              				_t40 = (_t31 - r8d) * 0x3c;
                                                                                                                                                              				goto 0x8ec85113;
                                                                                                                                                              				_a24 = _t40;
                                                                                                                                                              				_a16 = _t40;
                                                                                                                                                              				r8d = 0x80;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				r8d = 0x80;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				r8d = 0x40;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				r8d = 0x40;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				_t33 = E00007FF77FF78EC82004(_t40, 0, _t63, __rbx, _t63[2], __rdx, _t63, __r9);
                                                                                                                                                              				r9d = _t33;
                                                                                                                                                              				E00007FF77FF78EC852DC(__rbx, 0x8ecad2d4,  *_t63, _t63,  *_t63, __r9);
                                                                                                                                                              				r9d = _t33;
                                                                                                                                                              				_t36 = E00007FF77FF78EC84750(E00007FF77FF78EC852DC(_t64, 0x8ecad328, _t63[2], _t63, _t63[2], __r9));
                                                                                                                                                              				 *_t63 = _a8;
                                                                                                                                                              				_t37 = E00007FF77FF78EC84740(_t36);
                                                                                                                                                              				 *_t63 = _a16;
                                                                                                                                                              				_t38 = E00007FF77FF78EC84748(_t37);
                                                                                                                                                              				 *_t63 = _a24;
                                                                                                                                                              				return _t38;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85072
                                                                                                                                                                • Part of subcall function 00007FF78EC847C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC847DC
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85083
                                                                                                                                                                • Part of subcall function 00007FF78EC84768: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC8477C
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85094
                                                                                                                                                                • Part of subcall function 00007FF78EC84798: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC847AC
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: RtlReleasePrivilege.NTDLL(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2CE
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: GetLastError.KERNEL32(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2D8
                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF78EC852D4), ref: 00007FF78EC850BB
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLastPrivilegeReleaseTimeZone
                                                                                                                                                              • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                              • API String ID: 1182710636-1154798116
                                                                                                                                                              • Opcode ID: 2522dfc07df6e72b302cec8d7b141b2bfc010b33ede1e5b4a24cbe3b910145ef
                                                                                                                                                              • Instruction ID: c6aeaf64c3180fd4f61bd97a0ed121bcf72628d0fa884087c1fa6ad5bd190d27
                                                                                                                                                              • Opcode Fuzzy Hash: 2522dfc07df6e72b302cec8d7b141b2bfc010b33ede1e5b4a24cbe3b910145ef
                                                                                                                                                              • Instruction Fuzzy Hash: BF519F72E0865286E710FFA2EA815A9FB61FB48784FE14139EA4D47B95DF3CE400C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                              • Opcode ID: dcb144d10aa30cfaff6b5296c99f780a1ce8abe06b740b4c709fd8aa955fe9f0
                                                                                                                                                              • Instruction ID: 0ee0eb52a08da3d7b4b9104464a146e84eac3ed0a81b2a30eead299f3c063d14
                                                                                                                                                              • Opcode Fuzzy Hash: dcb144d10aa30cfaff6b5296c99f780a1ce8abe06b740b4c709fd8aa955fe9f0
                                                                                                                                                              • Instruction Fuzzy Hash: 1EF0A932D1C64186E7A0AFA4E454766F350FB84724F541739D97E016E4DF3CD008CA10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00007FF77FF78EC6A190(intOrPtr* __rax, long long __rbx, long long __rsi, void* __r8, long long _a8, long long _a16) {
                                                                                                                                                              				char _v24;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				void* _t11;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              				void* _t29;
                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				intOrPtr* _t58;
                                                                                                                                                              				intOrPtr* _t59;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              
                                                                                                                                                              				_t60 = __rbx;
                                                                                                                                                              				_t58 = __rax;
                                                                                                                                                              				E00007FF77FF78EC6AB04(); // executed
                                                                                                                                                              				SetUnhandledExceptionFilter(??);
                                                                                                                                                              				goto 0x8ec78fa4;
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t10 = E00007FF77FF78EC6A62C(1); // executed
                                                                                                                                                              				if (_t10 == 0) goto 0x8ec6a303;
                                                                                                                                                              				sil = 0;
                                                                                                                                                              				_v24 = sil;
                                                                                                                                                              				_t11 = E00007FF77FF78EC6A5F0();
                                                                                                                                                              				_t38 =  *0x8ecac560; // 0x2
                                                                                                                                                              				if (_t38 == 1) goto 0x8ec6a30e;
                                                                                                                                                              				if (_t38 != 0) goto 0x8ec6a239;
                                                                                                                                                              				 *0x8ecac560 = 1;
                                                                                                                                                              				_t12 = E00007FF77FF78EC78B18(__rbx, 0x8ec8a3a0, 0x8ec8a3e0); // executed
                                                                                                                                                              				if (_t12 == 0) goto 0x8ec6a21a;
                                                                                                                                                              				goto 0x8ec6a2f3;
                                                                                                                                                              				E00007FF77FF78EC78AD4(_t60, 0x8ec8a388, 0x8ec8a398); // executed
                                                                                                                                                              				 *0x8ecac560 = 2;
                                                                                                                                                              				goto 0x8ec6a241;
                                                                                                                                                              				sil = 1;
                                                                                                                                                              				_v24 = sil;
                                                                                                                                                              				E00007FF77FF78EC6A944(E00007FF77FF78EC6A79C(_t11, 0x8ec8a398));
                                                                                                                                                              				if ( *_t58 == 0) goto 0x8ec6a274;
                                                                                                                                                              				if (E00007FF77FF78EC6A704(_t58, _t58) == 0) goto 0x8ec6a274;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t59 =  *_t58;
                                                                                                                                                              				E00007FF77FF78EC6A94C( *0x8ec8a360(_t73));
                                                                                                                                                              				if ( *_t59 == 0) goto 0x8ec6a296;
                                                                                                                                                              				if (E00007FF77FF78EC6A704(_t59, _t59) == 0) goto 0x8ec6a296;
                                                                                                                                                              				_t69 =  *_t59;
                                                                                                                                                              				E00007FF77FF78EC78E34( *_t59);
                                                                                                                                                              				E00007FF77FF78EC6E2F8(E00007FF77FF78EC6E300(E00007FF77FF78EC78A7C(_t45,  *_t59, __rsi)));
                                                                                                                                                              				_t84 = _t59;
                                                                                                                                                              				_t72 =  *_t59;
                                                                                                                                                              				_t25 = E00007FF77FF78EC61000( *_t59, _t59,  *_t59); // executed
                                                                                                                                                              				if (E00007FF77FF78EC6AAB0(_t59) == 0) goto 0x8ec6a318;
                                                                                                                                                              				if (sil != 0) goto 0x8ec6a2cd;
                                                                                                                                                              				E00007FF77FF78EC78E18( *_t59,  *_t59, _t59);
                                                                                                                                                              				E00007FF77FF78EC6A7C0(1, 0);
                                                                                                                                                              				_t29 = _t25;
                                                                                                                                                              				if (E00007FF77FF78EC6AAB0(_t59) == 0) goto 0x8ec6a320;
                                                                                                                                                              				if (_v24 != 0) goto 0x8ec6a2f1;
                                                                                                                                                              				E00007FF77FF78EC78E08(_t69, _t72, _t84);
                                                                                                                                                              				return _t29;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 59578552-0
                                                                                                                                                              • Opcode ID: 89476163297b1986c36223162515cabc13cdfddbe3f763e035948e907b44b7ef
                                                                                                                                                              • Instruction ID: 39a1c7123d302a11fc99ecb6de640bc173d8833e8a65e6748128781e151e15b6
                                                                                                                                                              • Opcode Fuzzy Hash: 89476163297b1986c36223162515cabc13cdfddbe3f763e035948e907b44b7ef
                                                                                                                                                              • Instruction Fuzzy Hash: 30E0B631E1D11385E61876EADC820B990917F55360FF0023AE21D816D2CF3D6591C672
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E00007FF77FF78EC7FDC8(void* __ecx, intOrPtr __edx, void* __ebp, signed long long __rax, long long __rbx, signed long long __rcx, void* __rdx, void* __r9, signed char _a8, intOrPtr _a16, long long _a24) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				void* _t40;
                                                                                                                                                              				void* _t42;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              				void* _t48;
                                                                                                                                                              				void* _t50;
                                                                                                                                                              				intOrPtr _t76;
                                                                                                                                                              				void* _t84;
                                                                                                                                                              				void* _t87;
                                                                                                                                                              				void* _t89;
                                                                                                                                                              				void* _t92;
                                                                                                                                                              				void* _t93;
                                                                                                                                                              				signed long long _t114;
                                                                                                                                                              				intOrPtr _t116;
                                                                                                                                                              				signed long long _t118;
                                                                                                                                                              				intOrPtr* _t121;
                                                                                                                                                              				intOrPtr* _t124;
                                                                                                                                                              				signed long long _t130;
                                                                                                                                                              				signed long long _t132;
                                                                                                                                                              				signed long long _t133;
                                                                                                                                                              				void* _t159;
                                                                                                                                                              				long long _t164;
                                                                                                                                                              				signed long long _t165;
                                                                                                                                                              				signed long long _t166;
                                                                                                                                                              				void* _t174;
                                                                                                                                                              				void* _t175;
                                                                                                                                                              				void* _t177;
                                                                                                                                                              				signed long long _t178;
                                                                                                                                                              				signed long long _t179;
                                                                                                                                                              				signed long long _t181;
                                                                                                                                                              				signed long long _t183;
                                                                                                                                                              				intOrPtr* _t184;
                                                                                                                                                              				long long _t188;
                                                                                                                                                              
                                                                                                                                                              				_t123 = __rbx;
                                                                                                                                                              				_t114 = __rax;
                                                                                                                                                              				_a24 = __rbx;
                                                                                                                                                              				_a16 = __edx;
                                                                                                                                                              				_t188 = __rcx;
                                                                                                                                                              				if (__rcx != 0) goto 0x8ec7fdfc;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				goto 0x8ec800ef;
                                                                                                                                                              				E00007FF77FF78EC6B468(__ecx, 0x3d, __rcx, __rcx, __rdx, __r9);
                                                                                                                                                              				_t178 = _t114;
                                                                                                                                                              				if (_t114 == 0) goto 0x8ec800dc;
                                                                                                                                                              				if (_t114 == __rcx) goto 0x8ec800dc;
                                                                                                                                                              				_t179 =  *0x8ecac9d0; // 0x0
                                                                                                                                                              				_t84 = _t179 -  *0x8ecac9e8; // 0x0
                                                                                                                                                              				bpl =  *(_t114 + 1);
                                                                                                                                                              				_a8 = bpl;
                                                                                                                                                              				if (_t84 != 0) goto 0x8ec7fe49;
                                                                                                                                                              				E00007FF77FF78EC80484(__rbx, _t179, __rcx, _t164);
                                                                                                                                                              				 *0x8ecac9d0 = _t114;
                                                                                                                                                              				r12d = 1;
                                                                                                                                                              				if (_t114 != 0) goto 0x8ec7ff22;
                                                                                                                                                              				if (__edx == 0) goto 0x8ec7feb1;
                                                                                                                                                              				_t87 =  *0x8ecac9d8 - _t164; // 0x2176c638aa0
                                                                                                                                                              				if (_t87 == 0) goto 0x8ec7feb1;
                                                                                                                                                              				E00007FF77FF78EC789C0(_t179, __rcx, _t164);
                                                                                                                                                              				if (_t114 != 0) goto 0x8ec7fe8d;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t114);
                                                                                                                                                              				 *_t114 = 0x16;
                                                                                                                                                              				_t166 = _t165 | 0xffffffff;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t114, __rcx);
                                                                                                                                                              				goto 0x8ec800f3;
                                                                                                                                                              				_t181 =  *0x8ecac9d0; // 0x0
                                                                                                                                                              				_t89 = _t181 -  *0x8ecac9e8; // 0x0
                                                                                                                                                              				if (_t89 != 0) goto 0x8ec7ff19;
                                                                                                                                                              				_t40 = E00007FF77FF78EC80484(_t123, _t181, __rcx, _t164);
                                                                                                                                                              				 *0x8ecac9d0 = _t114;
                                                                                                                                                              				goto 0x8ec7ff19;
                                                                                                                                                              				if (bpl == 0) goto 0x8ec7ffd2;
                                                                                                                                                              				E00007FF77FF78EC7E248(_t40, _t175, __rdx);
                                                                                                                                                              				 *0x8ecac9d0 = _t114;
                                                                                                                                                              				_t42 = E00007FF77FF78EC7A2B8(_t114, _t175);
                                                                                                                                                              				_t183 =  *0x8ecac9d0; // 0x0
                                                                                                                                                              				if (_t183 == 0) goto 0x8ec7fe7a;
                                                                                                                                                              				_t92 =  *0x8ecac9d8 - _t164; // 0x2176c638aa0
                                                                                                                                                              				if (_t92 != 0) goto 0x8ec7ff19;
                                                                                                                                                              				E00007FF77FF78EC7E248(_t42, _t175, __rdx);
                                                                                                                                                              				 *0x8ecac9d8 = _t114;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t114, _t175);
                                                                                                                                                              				_t93 =  *0x8ecac9d8 - _t164; // 0x2176c638aa0
                                                                                                                                                              				if (_t93 == 0) goto 0x8ec7fe7a;
                                                                                                                                                              				_t184 =  *0x8ecac9d0; // 0x0
                                                                                                                                                              				if (_t184 == 0) goto 0x8ec7fe7a;
                                                                                                                                                              				_t177 = _t178 - __rcx;
                                                                                                                                                              				_t124 = _t184;
                                                                                                                                                              				if ( *_t184 == 0) goto 0x8ec7ff67;
                                                                                                                                                              				if (E00007FF77FF78EC86448(_t76, _t124, __rcx,  *_t184, _t164, _t166, _t177, __r9) != 0) goto 0x8ec7ff55;
                                                                                                                                                              				_t116 =  *_t124;
                                                                                                                                                              				if ( *((char*)(_t177 + _t116)) == 0x3d) goto 0x8ec7ff5e;
                                                                                                                                                              				if ( *((intOrPtr*)(_t177 + _t116)) == sil) goto 0x8ec7ff5e;
                                                                                                                                                              				goto 0x8ec7ff2e;
                                                                                                                                                              				goto 0x8ec7ff71;
                                                                                                                                                              				_t130 =  ~((_t124 + 8 - _t184 >> 3) - _t184 >> 3);
                                                                                                                                                              				if (_t130 < 0) goto 0x8ec7ffcd;
                                                                                                                                                              				if ( *_t184 == _t164) goto 0x8ec7ffcd;
                                                                                                                                                              				_t46 = E00007FF77FF78EC7A2B8( *((intOrPtr*)(_t124 + 8)),  *(_t184 + _t130 * 8));
                                                                                                                                                              				if (bpl == 0) goto 0x8ec7ff9e;
                                                                                                                                                              				 *(_t184 + _t130 * 8) = __rcx;
                                                                                                                                                              				goto 0x8ec8002d;
                                                                                                                                                              				_t118 =  *((intOrPtr*)(_t184 + 8 + _t130 * 8));
                                                                                                                                                              				 *(_t184 + _t130 * 8) = _t118;
                                                                                                                                                              				if ( *((intOrPtr*)(_t184 + (_t130 + 1) * 8)) != _t164) goto 0x8ec7ff92;
                                                                                                                                                              				r8d = 8;
                                                                                                                                                              				E00007FF77FF78EC82890(_t46, _t130 + 1, _t184, _t130 + 1, _t164, _t166, _t177);
                                                                                                                                                              				_t132 = _t118;
                                                                                                                                                              				_t48 = E00007FF77FF78EC7A2B8(_t118, _t184);
                                                                                                                                                              				if (_t132 == 0) goto 0x8ec80030;
                                                                                                                                                              				 *0x8ecac9d0 = _t132;
                                                                                                                                                              				goto 0x8ec80030;
                                                                                                                                                              				if (bpl != 0) goto 0x8ec7ffd9;
                                                                                                                                                              				goto 0x8ec7fe7e;
                                                                                                                                                              				_t133 =  ~_t132;
                                                                                                                                                              				_t18 = _t133 + 2; // 0x2
                                                                                                                                                              				_t159 = _t18;
                                                                                                                                                              				if (_t159 - _t133 < 0) goto 0x8ec7fe7a;
                                                                                                                                                              				if (_t159 - 0xffffffff >= 0) goto 0x8ec7fe7a;
                                                                                                                                                              				r8d = 8;
                                                                                                                                                              				E00007FF77FF78EC82890(_t48, _t133, _t184, _t159, _t164, _t166, _t177);
                                                                                                                                                              				_t50 = E00007FF77FF78EC7A2B8(0xffffffff, _t184);
                                                                                                                                                              				if (0xffffffff == 0) goto 0x8ec7fe7a;
                                                                                                                                                              				 *((long long*)(0xffffffff + _t133 * 8)) = _t188;
                                                                                                                                                              				 *((long long*)(0xffffffff + 8 + _t133 * 8)) = _t164;
                                                                                                                                                              				 *0x8ecac9d0 = 0xffffffff;
                                                                                                                                                              				if (_a16 == 0) goto 0x8ec800d0;
                                                                                                                                                              				_t187 = (_t166 | 0xffffffff) + 1;
                                                                                                                                                              				if ( *((intOrPtr*)(_t188 + (_t166 | 0xffffffff) + 1)) != sil) goto 0x8ec80041;
                                                                                                                                                              				E00007FF77FF78EC7E248(_t50, (_t166 | 0xffffffff) + 3, _t159);
                                                                                                                                                              				if (0xffffffff != 0) goto 0x8ec80069;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(0xffffffff, (_t166 | 0xffffffff) + 3);
                                                                                                                                                              				goto 0x8ec800bc;
                                                                                                                                                              				if (E00007FF77FF78EC7965C(0xffffffff, 0xffffffff, _t187 + 2, _t188) != 0) goto 0x8ec8010b;
                                                                                                                                                              				_t28 = _t178 + 1; // 0x1
                                                                                                                                                              				_t121 = 0xffffffff - _t188;
                                                                                                                                                              				_a8 =  ~_a8;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				 *((intOrPtr*)(_t28 + _t121 - 1)) = sil;
                                                                                                                                                              				if (E00007FF77FF78EC86560(0, E00007FF77FF78EC7965C(0xffffffff, 0xffffffff, _t187 + 2, _t188), 0xffffffff, 0xffffffff, _t187 + 0x00000002 & _t28 + _t121, _t164, _t164, _t188, __r9, _t174) != 0) goto 0x8ec800c8;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t121);
                                                                                                                                                              				 *_t121 = 0x2a;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t121, 0xffffffff);
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t121, _t164);
                                                                                                                                                              				goto 0x8ec800f3;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t121, 0xffffffff);
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t121, _t164);
                                                                                                                                                              				goto 0x8ec800f3;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t121);
                                                                                                                                                              				 *_t121 = 0x16;
                                                                                                                                                              				return E00007FF77FF78EC7A2B8(_t121, _t188);
                                                                                                                                                              			}







































                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1010374628-0
                                                                                                                                                              • Opcode ID: d1ffa50cc6f1b7c7c0f58a3cf45a0088685103fc2de1a2d8c6f6c448e8bd3d24
                                                                                                                                                              • Instruction ID: 31550bde5abdf668aac666e73bfbabd4d2df66895d0f534665a571413568dc51
                                                                                                                                                              • Opcode Fuzzy Hash: d1ffa50cc6f1b7c7c0f58a3cf45a0088685103fc2de1a2d8c6f6c448e8bd3d24
                                                                                                                                                              • Instruction Fuzzy Hash: 3902AF22E1D66741FA65BBE6D942279A680BF42BA0FF44639DD2D463D2DF3DE401C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 36%
                                                                                                                                                              			E00007FF77FF78EC617B0(long long __rbx, signed long long* __rcx, long long _a16) {
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				char _v21;
                                                                                                                                                              				unsigned long long _v24;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* _t40;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				intOrPtr _t51;
                                                                                                                                                              				intOrPtr _t69;
                                                                                                                                                              				signed long long _t84;
                                                                                                                                                              				signed long long _t85;
                                                                                                                                                              				unsigned long long _t86;
                                                                                                                                                              				unsigned long long _t87;
                                                                                                                                                              				intOrPtr* _t90;
                                                                                                                                                              				long long* _t93;
                                                                                                                                                              				void* _t102;
                                                                                                                                                              				void* _t110;
                                                                                                                                                              				char* _t118;
                                                                                                                                                              				void* _t124;
                                                                                                                                                              				unsigned long long _t125;
                                                                                                                                                              				long long _t127;
                                                                                                                                                              				void* _t128;
                                                                                                                                                              				void* _t131;
                                                                                                                                                              				void* _t132;
                                                                                                                                                              
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				_t84 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t85 = _t84 ^ _t128 - 0x00000030;
                                                                                                                                                              				_v16 = _t85;
                                                                                                                                                              				_t93 = __rcx;
                                                                                                                                                              				if ( *__rcx != 0) goto 0x8ec617ef;
                                                                                                                                                              				_t3 = _t93 + 0x78; // 0x78
                                                                                                                                                              				_t40 = E00007FF77FF78EC62DC0(_t85, _t3, "rb"); // executed
                                                                                                                                                              				 *__rcx = _t85;
                                                                                                                                                              				if (_t85 == 0) goto 0x8ec61842;
                                                                                                                                                              				_t86 = "MEI"; // 0xe0b0a0b0049454d
                                                                                                                                                              				_v24 = _t86;
                                                                                                                                                              				r8d = 8;
                                                                                                                                                              				_t87 = _t86 >> 0x18;
                                                                                                                                                              				_v21 = _t40 + 0xc;
                                                                                                                                                              				E00007FF77FF78EC662C0(_t87, __rcx, _t85,  &_v24, _t124, _t131); // executed
                                                                                                                                                              				_t125 = _t87;
                                                                                                                                                              				if (_t87 == 0) goto 0x8ec61842;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t43 = E00007FF77FF78EC6EB90(_t87, _t93,  *_t93, _t125); // executed
                                                                                                                                                              				if (_t43 >= 0) goto 0x8ec6184c;
                                                                                                                                                              				_t118 = "Failed to seek to cookie position!\n";
                                                                                                                                                              				E00007FF77FF78EC61C10("fseek", _t118, _t131, _t132);
                                                                                                                                                              				goto 0x8ec619b3;
                                                                                                                                                              				_t8 = _t118 - 0x57; // 0x1, executed
                                                                                                                                                              				r8d = _t8;
                                                                                                                                                              				E00007FF77FF78EC6E878(_t118, _t131,  *_t93); // executed
                                                                                                                                                              				if (_t87 - 1 >= 0) goto 0x8ec61884;
                                                                                                                                                              				_t102 = "fread";
                                                                                                                                                              				E00007FF77FF78EC61C10(_t102, "Failed to read cookie!\n", _t131,  *_t93);
                                                                                                                                                              				goto 0x8ec619b3;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				asm("bswap eax");
                                                                                                                                                              				asm("bswap eax");
                                                                                                                                                              				_t51 =  *((intOrPtr*)(_t93 + 0x34));
                                                                                                                                                              				asm("bswap ecx");
                                                                                                                                                              				asm("bswap eax");
                                                                                                                                                              				_t127 = _t125 - _t102 + 0x58;
                                                                                                                                                              				 *((intOrPtr*)(_t93 + 0x34)) = _t51;
                                                                                                                                                              				 *((long long*)(_t93 + 8)) = _t127;
                                                                                                                                                              				 *((intOrPtr*)(_t93 + 0x507c)) = 0;
                                                                                                                                                              				 *0x8ec9dc74 = _t51;
                                                                                                                                                              				E00007FF77FF78EC6EB90(_t87, _t93,  *_t93, _t127); // executed
                                                                                                                                                              				0x8ec73eec();
                                                                                                                                                              				 *(_t93 + 0x10) = _t87;
                                                                                                                                                              				if (_t87 != 0) goto 0x8ec618fe;
                                                                                                                                                              				E00007FF77FF78EC61C10("malloc", "Could not allocate buffer for TOC!\n", _t131,  *_t93);
                                                                                                                                                              				goto 0x8ec619b3;
                                                                                                                                                              				r8d = 1;
                                                                                                                                                              				E00007FF77FF78EC6E878( *((intOrPtr*)(_t93 + 0x30)), _t131,  *_t93);
                                                                                                                                                              				if (_t87 - 1 >= 0) goto 0x8ec61925;
                                                                                                                                                              				goto 0x8ec6186e;
                                                                                                                                                              				 *((long long*)(_t93 + 0x18)) =  *((intOrPtr*)(_t93 + 0x30)) +  *(_t93 + 0x10);
                                                                                                                                                              				if (E00007FF77FF78EC6E5EC( *((intOrPtr*)(_t93 + 0x30)) +  *(_t93 + 0x10),  *_t93) == 0) goto 0x8ec61950;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t56,  *((intOrPtr*)(_t93 + 0x30)) +  *(_t93 + 0x10), "Error on file.\n", "Could not read full TOC!\n", _t131,  *_t93);
                                                                                                                                                              				goto 0x8ec619b3;
                                                                                                                                                              				_t90 =  *(_t93 + 0x10);
                                                                                                                                                              				if (_t90 -  *((intOrPtr*)(_t93 + 0x18)) >= 0) goto 0x8ec619a1;
                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                              				_t69 =  *_t90;
                                                                                                                                                              				asm("bswap ecx");
                                                                                                                                                              				asm("bswap ecx");
                                                                                                                                                              				asm("bswap ecx");
                                                                                                                                                              				asm("bswap edx");
                                                                                                                                                              				 *_t90 = _t69;
                                                                                                                                                              				_t110 = _t69 + _t90;
                                                                                                                                                              				if (_t110 -  *(_t93 + 0x10) < 0) goto 0x8ec61995;
                                                                                                                                                              				if (_t110 -  *((intOrPtr*)(_t93 + 0x18)) < 0) goto 0x8ec61960;
                                                                                                                                                              				goto 0x8ec619a1;
                                                                                                                                                              				E00007FF77FF78EC61C50(0xffffffff, _t110, "Cannot read Table of Contents.\n", "Could not read full TOC!\n", _t131,  *_t93);
                                                                                                                                                              				if ( *_t93 == 0) goto 0x8ec619b1; // executed
                                                                                                                                                              				E00007FF77FF78EC6E528(_t110, _t93,  *_t93, _t127); // executed
                                                                                                                                                              				 *_t93 = _t127;
                                                                                                                                                              				return E00007FF77FF78EC6A040(0,  *((intOrPtr*)(_t90 + 0xc)), _v16 ^ _t128 - 0x00000030);
                                                                                                                                                              			}



























                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                                                                                                              • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                              • API String ID: 3405171723-4158440160
                                                                                                                                                              • Opcode ID: a2041e0f03f4a32b63659f3071fe76b9939fae3446eec2c0125ca6a89955ad74
                                                                                                                                                              • Instruction ID: fb311a58e5d64e86b16bb43b0c5678a62a72e8268c61f7b01cd41ca4408b2a46
                                                                                                                                                              • Opcode Fuzzy Hash: a2041e0f03f4a32b63659f3071fe76b9939fae3446eec2c0125ca6a89955ad74
                                                                                                                                                              • Instruction Fuzzy Hash: 1B51A571E1960286EF54EFA5D45017EB3A0FF48B89BA1853AD90D873A9DF3CE540C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC61440(void* __rcx, void* __rdx) {
                                                                                                                                                              				void* _t1;
                                                                                                                                                              				void* _t3;
                                                                                                                                                              				void* _t7;
                                                                                                                                                              				void* _t8;
                                                                                                                                                              
                                                                                                                                                              				_t1 = E00007FF77FF78EC65840(_t3, __rcx, _t7, _t8); // executed
                                                                                                                                                              				if (_t1 != 0xffffffff) goto 0x8ec61462;
                                                                                                                                                              				return _t1;
                                                                                                                                                              			}








                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                              • API String ID: 0-666925554
                                                                                                                                                              • Opcode ID: fa4d053e42b8e35de09cbd966fe078a9904ed96564521b2ee876ba8775ba802c
                                                                                                                                                              • Instruction ID: 49a4160f9bfc43b6ef7f127b14fdb1fe3d377c8fb0c980c136210a80a41606f7
                                                                                                                                                              • Opcode Fuzzy Hash: fa4d053e42b8e35de09cbd966fe078a9904ed96564521b2ee876ba8775ba802c
                                                                                                                                                              • Instruction Fuzzy Hash: C651BB21F0865285FA10BBE1E5006BAE3A0BF45BE9FE44439DE1D476A6EF3CE145C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                              • API String ID: 4998090-2855260032
                                                                                                                                                              • Opcode ID: 76b18b5612106bbf4c8a73d45fa6a98ccf9096e2a9090f4771d832564295246d
                                                                                                                                                              • Instruction ID: c5e1218a875dc675bc7bf46a0ca06707586707450f9609a81ad012eddeddd01d
                                                                                                                                                              • Opcode Fuzzy Hash: 76b18b5612106bbf4c8a73d45fa6a98ccf9096e2a9090f4771d832564295246d
                                                                                                                                                              • Instruction Fuzzy Hash: B4419331A1C68282EB50AF94E4447AAF361FF84794FA44235EA6F476E5DF3CE448C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 360 7ff78ec85d08-7ff78ec85d7b call 7ff78ec85a38 363 7ff78ec85d7d-7ff78ec85d86 call 7ff78ec75de8 360->363 364 7ff78ec85d95-7ff78ec85d9f call 7ff78ec76be0 360->364 369 7ff78ec85d89-7ff78ec85d90 call 7ff78ec75e08 363->369 370 7ff78ec85dba-7ff78ec85e23 CreateFileW 364->370 371 7ff78ec85da1-7ff78ec85db8 call 7ff78ec75de8 call 7ff78ec75e08 364->371 383 7ff78ec860d7-7ff78ec860f7 369->383 374 7ff78ec85e25-7ff78ec85e2b 370->374 375 7ff78ec85ea0-7ff78ec85eab GetFileType 370->375 371->369 380 7ff78ec85e6d-7ff78ec85e9b GetLastError call 7ff78ec75d7c 374->380 381 7ff78ec85e2d-7ff78ec85e31 374->381 377 7ff78ec85efe-7ff78ec85f05 375->377 378 7ff78ec85ead-7ff78ec85ee8 GetLastError call 7ff78ec75d7c CloseHandle 375->378 386 7ff78ec85f0d-7ff78ec85f10 377->386 387 7ff78ec85f07-7ff78ec85f0b 377->387 378->369 394 7ff78ec85eee-7ff78ec85ef9 call 7ff78ec75e08 378->394 380->369 381->380 388 7ff78ec85e33-7ff78ec85e6b CreateFileW 381->388 392 7ff78ec85f16-7ff78ec85f6b call 7ff78ec76af8 386->392 393 7ff78ec85f12 386->393 387->392 388->375 388->380 398 7ff78ec85f6d-7ff78ec85f79 call 7ff78ec85c44 392->398 399 7ff78ec85f8a-7ff78ec85fbb call 7ff78ec857c0 392->399 393->392 394->369 398->399 405 7ff78ec85f7b 398->405 406 7ff78ec85fbd-7ff78ec85fbf 399->406 407 7ff78ec85fc1-7ff78ec86004 399->407 408 7ff78ec85f7d-7ff78ec85f85 call 7ff78ec7a430 405->408 406->408 409 7ff78ec86026-7ff78ec86031 407->409 410 7ff78ec86006-7ff78ec8600a 407->410 408->383 413 7ff78ec86037-7ff78ec8603b 409->413 414 7ff78ec860d5 409->414 410->409 412 7ff78ec8600c-7ff78ec86021 410->412 412->409 413->414 415 7ff78ec86041-7ff78ec86086 CloseHandle CreateFileW 413->415 414->383 417 7ff78ec860bb-7ff78ec860d0 415->417 418 7ff78ec86088-7ff78ec860b6 GetLastError call 7ff78ec75d7c call 7ff78ec76d20 415->418 417->414 418->417
                                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                                              			E00007FF77FF78EC85D08(void* __ecx, void* __ebp, void* __eflags, long long __rbx, long long __rcx, signed int* __rdx, long long __rdi, long long __rsi, long long __r8) {
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				signed int _t151;
                                                                                                                                                              				long _t164;
                                                                                                                                                              				void* _t168;
                                                                                                                                                              				signed int _t170;
                                                                                                                                                              				void* _t184;
                                                                                                                                                              				signed int _t187;
                                                                                                                                                              				signed int _t188;
                                                                                                                                                              				void* _t216;
                                                                                                                                                              				intOrPtr* _t237;
                                                                                                                                                              				intOrPtr* _t240;
                                                                                                                                                              				long long _t252;
                                                                                                                                                              				long long _t260;
                                                                                                                                                              				signed long long _t266;
                                                                                                                                                              				signed long long _t280;
                                                                                                                                                              				intOrPtr _t281;
                                                                                                                                                              				signed long long _t282;
                                                                                                                                                              				signed long long _t301;
                                                                                                                                                              				signed int* _t306;
                                                                                                                                                              				long long _t309;
                                                                                                                                                              				void* _t311;
                                                                                                                                                              				void* _t312;
                                                                                                                                                              				intOrPtr* _t314;
                                                                                                                                                              				void* _t315;
                                                                                                                                                              				void* _t323;
                                                                                                                                                              				void* _t325;
                                                                                                                                                              				void* _t329;
                                                                                                                                                              				void* _t333;
                                                                                                                                                              
                                                                                                                                                              				_t317 = __r8;
                                                                                                                                                              				_t216 = __ebp;
                                                                                                                                                              				_t237 = _t314;
                                                                                                                                                              				 *((long long*)(_t237 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t237 + 0x10)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t237 + 0x20)) = __rdi;
                                                                                                                                                              				 *((long long*)(_t237 + 0x18)) = __r8;
                                                                                                                                                              				_t312 = _t237 - 0x47;
                                                                                                                                                              				_t315 = _t314 - 0xc0;
                                                                                                                                                              				r12d = r9d;
                                                                                                                                                              				_t260 = __r8;
                                                                                                                                                              				r9d =  *(_t312 + 0x77);
                                                                                                                                                              				_t306 = __rdx;
                                                                                                                                                              				r8d =  *(_t312 + 0x6f);
                                                                                                                                                              				_t309 = __rcx;
                                                                                                                                                              				E00007FF77FF78EC85A38(r12d, __eflags, _t237, __r8, _t312 - 1, _t312);
                                                                                                                                                              				asm("movups xmm0, [eax]");
                                                                                                                                                              				asm("movsd xmm1, [eax+0x10]");
                                                                                                                                                              				asm("movups [ebp-0x59], xmm0");
                                                                                                                                                              				asm("psrldq xmm0, 0x8");
                                                                                                                                                              				asm("dec cx");
                                                                                                                                                              				asm("movsd [ebp-0x39], xmm1");
                                                                                                                                                              				asm("movsd [ebp-0x49], xmm1");
                                                                                                                                                              				 *(_t312 - 0x29) = _t333 >> 0x20;
                                                                                                                                                              				if (r15d != 0xffffffff) goto 0x8ec85d95;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t237);
                                                                                                                                                              				 *_t237 = 0;
                                                                                                                                                              				 *__rdx =  *__rdx | 0xffffffff;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t237);
                                                                                                                                                              				goto 0x8ec860d7;
                                                                                                                                                              				_t151 = E00007FF77FF78EC76BE0(r12d, _t237, __r8, __rdx, __rdx, _t309);
                                                                                                                                                              				 *__rdx = _t151;
                                                                                                                                                              				if (_t151 != 0xffffffff) goto 0x8ec85dba;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t237);
                                                                                                                                                              				 *_t237 = 0;
                                                                                                                                                              				 *__rdx =  *__rdx | 0xffffffff;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t237);
                                                                                                                                                              				 *_t237 = 0x18;
                                                                                                                                                              				goto 0x8ec85d89;
                                                                                                                                                              				r8d = r15d;
                                                                                                                                                              				r14d = r14d |  *(_t312 - 0x49);
                                                                                                                                                              				 *_t309 = 1;
                                                                                                                                                              				 *((long long*)(_t315 + 0x30)) = _t309;
                                                                                                                                                              				 *(_t315 + 0x28) = r14d;
                                                                                                                                                              				 *((intOrPtr*)(_t315 + 0x20)) =  *((intOrPtr*)(_t312 - 0x51));
                                                                                                                                                              				 *((intOrPtr*)(_t312 - 0x21)) = 0x18;
                                                                                                                                                              				 *((long long*)(_t312 - 0x19)) = _t309;
                                                                                                                                                              				 *(_t312 - 0x11) =  !(r12d >> 7) & 0x00000001;
                                                                                                                                                              				 *(_t312 - 0x31) =  *(_t312 - 0x49) >> 0x20;
                                                                                                                                                              				CreateFileW(??, ??, ??, ??, ??, ??, ??); // executed
                                                                                                                                                              				_t187 =  *(_t312 - 0x55);
                                                                                                                                                              				if (_t237 != 0xffffffff) goto 0x8ec85ea0;
                                                                                                                                                              				if ((_t187 & 0xc0000000) != 0xc0000000) goto 0x8ec85e6d;
                                                                                                                                                              				if ((r12b & 0x00000001) == 0) goto 0x8ec85e6d;
                                                                                                                                                              				 *((long long*)(_t315 + 0x30)) = _t309;
                                                                                                                                                              				asm("btr ebx, 0x1f");
                                                                                                                                                              				 *(_t312 - 0x55) = _t187;
                                                                                                                                                              				r8d = r15d;
                                                                                                                                                              				 *(_t315 + 0x28) = r14d;
                                                                                                                                                              				 *((intOrPtr*)(_t315 + 0x20)) =  *((intOrPtr*)(_t312 - 0x51));
                                                                                                                                                              				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                              				if (_t237 != 0xffffffff) goto 0x8ec85ea0;
                                                                                                                                                              				_t266 =  *__rdx;
                                                                                                                                                              				_t240 =  *((intOrPtr*)(0x8ecaca50 + (_t266 >> 6) * 8));
                                                                                                                                                              				 *(_t240 + 0x38 + (_t266 + _t266 * 8) * 8) =  *(_t240 + 0x38 + (_t266 + _t266 * 8) * 8) & 0x000000fe;
                                                                                                                                                              				E00007FF77FF78EC75D7C(GetLastError(), _t240, _t266 + _t266 * 8);
                                                                                                                                                              				goto 0x8ec85d89;
                                                                                                                                                              				_t164 = GetFileType(_t333); // executed
                                                                                                                                                              				if (_t164 != 0) goto 0x8ec85efe;
                                                                                                                                                              				_t188 = GetLastError();
                                                                                                                                                              				E00007FF77FF78EC75D7C(_t165, _t240, _t237);
                                                                                                                                                              				 *( *((intOrPtr*)(0x8ecaca50 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) =  *( *((intOrPtr*)(0x8ecaca50 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) & 0x000000fe;
                                                                                                                                                              				CloseHandle(_t329);
                                                                                                                                                              				if (_t188 != 0) goto 0x8ec85d89;
                                                                                                                                                              				_t168 = E00007FF77FF78EC75E08(_t240);
                                                                                                                                                              				 *_t240 = 0xd;
                                                                                                                                                              				goto 0x8ec85d89;
                                                                                                                                                              				r14b =  *(_t312 - 0x59);
                                                                                                                                                              				if (_t168 != 2) goto 0x8ec85f0d;
                                                                                                                                                              				r14b = r14b | 0x00000040;
                                                                                                                                                              				goto 0x8ec85f16;
                                                                                                                                                              				if (_t168 != 3) goto 0x8ec85f16;
                                                                                                                                                              				r14b = r14b | 0x00000008;
                                                                                                                                                              				E00007FF77FF78EC76AF8(_t168, _t188,  *__rdx, _t260, _t237, __rdx, _t309, _t312, _t325, _t323);
                                                                                                                                                              				r14b = r14b | 0x00000001;
                                                                                                                                                              				 *(_t312 - 0x41) = r14b;
                                                                                                                                                              				 *(_t312 - 0x59) = r14b;
                                                                                                                                                              				 *( *((intOrPtr*)(0x8ecaca50 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) = r14b;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + ( *__rdx >> 6) * 8)) + 0x39 + ( *__rdx +  *__rdx * 8) * 8)) = sil;
                                                                                                                                                              				if ((r12b & 0x00000002) == 0) goto 0x8ec85f8a;
                                                                                                                                                              				_t170 = E00007FF77FF78EC85C44(_t188,  *__rdx, r12d & 0x0000003f, 0, _t260, _t317, _t312 - 0x21);
                                                                                                                                                              				r14d = _t170;
                                                                                                                                                              				if (_t170 == 0) goto 0x8ec85f8a;
                                                                                                                                                              				E00007FF77FF78EC7A430( *((intOrPtr*)(0x8ecaca50 + ( *__rdx >> 6) * 8)), _t260, _t306);
                                                                                                                                                              				goto 0x8ec860d7;
                                                                                                                                                              				asm("movups xmm0, [ebp-0x59]");
                                                                                                                                                              				asm("movsd xmm1, [ebp-0x39]");
                                                                                                                                                              				r8d = r12d;
                                                                                                                                                              				asm("movaps [ebp-0x1], xmm0");
                                                                                                                                                              				 *((intOrPtr*)(_t312 - 0x61)) = sil;
                                                                                                                                                              				asm("movsd [ebp+0xf], xmm1");
                                                                                                                                                              				r14d = E00007FF77FF78EC857C0( *_t306, _t216, _t260, _t312 - 1, _t309, _t312, _t317, _t312 - 0x61);
                                                                                                                                                              				if (r14d == 0) goto 0x8ec85fc1;
                                                                                                                                                              				goto 0x8ec85f7d;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(0x8ecaca50 + ( *_t306 >> 6) * 8)) + 0x39 + ( *_t306 +  *_t306 * 8) * 8)) =  *((intOrPtr*)(_t312 - 0x61));
                                                                                                                                                              				_t280 =  *_t306;
                                                                                                                                                              				_t301 = _t280 + _t280 * 8;
                                                                                                                                                              				_t281 =  *((intOrPtr*)(0x8ecaca50 + (_t280 >> 6) * 8));
                                                                                                                                                              				 *(_t281 + 0x3d + _t301 * 8) =  *(_t281 + 0x3d + _t301 * 8) & 0x000000fe;
                                                                                                                                                              				 *(_t281 + 0x3d + _t301 * 8) =  *(_t281 + 0x3d + _t301 * 8) | r12d >> 0x00000010 & 0x00000001;
                                                                                                                                                              				if (( *(_t312 - 0x41) & 0x00000048) != 0) goto 0x8ec86026;
                                                                                                                                                              				if ((r12b & 0x00000008) == 0) goto 0x8ec86026;
                                                                                                                                                              				_t282 =  *_t306;
                                                                                                                                                              				_t252 =  *((intOrPtr*)(0x8ecaca50 + (_t282 >> 6) * 8));
                                                                                                                                                              				 *(_t252 + 0x38 + (_t282 + _t282 * 8) * 8) =  *(_t252 + 0x38 + (_t282 + _t282 * 8) * 8) | 0x00000020;
                                                                                                                                                              				if ((_t188 & 0xc0000000) != 0xc0000000) goto 0x8ec860d5;
                                                                                                                                                              				if ((r12b & 0x00000001) == 0) goto 0x8ec860d5;
                                                                                                                                                              				CloseHandle(_t311);
                                                                                                                                                              				r8d =  *(_t312 - 0x29);
                                                                                                                                                              				asm("btr ebx, 0x1f");
                                                                                                                                                              				 *((long long*)(_t315 + 0x30)) = _t309;
                                                                                                                                                              				 *(_t315 + 0x28) = 0xc0000000;
                                                                                                                                                              				 *((intOrPtr*)(_t315 + 0x20)) =  *((intOrPtr*)(_t312 - 0x51));
                                                                                                                                                              				 *(_t312 - 0x55) = _t188;
                                                                                                                                                              				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                              				if (_t252 != 0xffffffff) goto 0x8ec860bb;
                                                                                                                                                              				_t184 = E00007FF77FF78EC75D7C(GetLastError(), _t252,  *((intOrPtr*)(_t312 + 0x5f)));
                                                                                                                                                              				 *( *((intOrPtr*)(0x8ecaca50 + ( *_t306 >> 6) * 8)) + 0x38 + ( *_t306 +  *_t306 * 8) * 8) =  *( *((intOrPtr*)(0x8ecaca50 + ( *_t306 >> 6) * 8)) + 0x38 + ( *_t306 +  *_t306 * 8) * 8) & 0x000000fe;
                                                                                                                                                              				E00007FF77FF78EC76D20(_t184, _t188,  *_t306, _t260, _t306, _t309);
                                                                                                                                                              				goto 0x8ec85d89;
                                                                                                                                                              				 *((long long*)( *((intOrPtr*)(0x8ecaca50 + ( *_t306 >> 6) * 8)) + 0x28 + ( *_t306 +  *_t306 * 8) * 8)) = _t252;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}































                                                                                                                                                              0x7ff78ec86004
                                                                                                                                                              0x7ff78ec8600a
                                                                                                                                                              0x7ff78ec8600c
                                                                                                                                                              0x7ff78ec8601d
                                                                                                                                                              0x7ff78ec86021
                                                                                                                                                              0x7ff78ec86031
                                                                                                                                                              0x7ff78ec8603b
                                                                                                                                                              0x7ff78ec86044
                                                                                                                                                              0x7ff78ec86052
                                                                                                                                                              0x7ff78ec86056
                                                                                                                                                              0x7ff78ec8605a
                                                                                                                                                              0x7ff78ec8605f
                                                                                                                                                              0x7ff78ec86066
                                                                                                                                                              0x7ff78ec8606e
                                                                                                                                                              0x7ff78ec86079
                                                                                                                                                              0x7ff78ec86086
                                                                                                                                                              0x7ff78ec86090
                                                                                                                                                              0x7ff78ec860aa
                                                                                                                                                              0x7ff78ec860b1
                                                                                                                                                              0x7ff78ec860b6
                                                                                                                                                              0x7ff78ec860d0
                                                                                                                                                              0x7ff78ec860f7

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1330151763-0
                                                                                                                                                              • Opcode ID: 04a4e53e866e31c8fc58a914e80bac258d4f260b364362045a33b3d0c1470eba
                                                                                                                                                              • Instruction ID: d775071bc8e6a2d908e2e4c68589837e9a2a67d838b67725c7826097907c583c
                                                                                                                                                              • Opcode Fuzzy Hash: 04a4e53e866e31c8fc58a914e80bac258d4f260b364362045a33b3d0c1470eba
                                                                                                                                                              • Instruction Fuzzy Hash: 7FC10336F28A5286EB10EFA8C5906AC7761FB48BA8BA00335DE2E573D4CF38D451C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 19%
                                                                                                                                                              			E00007FF77FF78EC61000(void* __ecx, intOrPtr* __rax, long long __rbx, long long _a8) {
                                                                                                                                                              				void* _t3;
                                                                                                                                                              				void* _t6;
                                                                                                                                                              				intOrPtr* _t11;
                                                                                                                                                              
                                                                                                                                                              				_t11 = __rax;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_t6 = E00007FF77FF78EC66720(E00007FF77FF78EC6E2F8(E00007FF77FF78EC6E300(_t3)),  *_t11, _t11,  *_t11);
                                                                                                                                                              				goto 0x8ec62740;
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				return _t6;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF78EC62CB0: GetModuleFileNameW.KERNEL32(?,00007FF78EC627A9,?,?,?,?,?,?), ref: 00007FF78EC62CE1
                                                                                                                                                              • SetDllDirectoryW.KERNEL32 ref: 00007FF78EC629B5
                                                                                                                                                                • Part of subcall function 00007FF78EC65AB0: GetEnvironmentVariableW.KERNEL32(00007FF78EC627F7,?,?,?,?,?,?), ref: 00007FF78EC65AEA
                                                                                                                                                                • Part of subcall function 00007FF78EC65AB0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC65B07
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                              • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                              • API String ID: 2344891160-3602715111
                                                                                                                                                              • Opcode ID: 3c992524c5612848d193b634042073cf630aa2b8d2b7c79322356ad3ac114562
                                                                                                                                                              • Instruction ID: fb5e1ccecd5a7f731c03c7878f64c7eb1650fd21fd0e904efda532b1ba874a16
                                                                                                                                                              • Opcode Fuzzy Hash: 3c992524c5612848d193b634042073cf630aa2b8d2b7c79322356ad3ac114562
                                                                                                                                                              • Instruction Fuzzy Hash: 21C18521E1C64351EA68BBA1D9502FFA390BF847C4FE44039EA4D476AAEF3CE515C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                                              			E00007FF77FF78EC61050(long long __rax, long long __rcx, long long __rdx, void* __r8, void* __r9) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t13;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              				void* _t41;
                                                                                                                                                              				void* _t44;
                                                                                                                                                              
    _t40 = __r9;
    _t39 = __r8;
    _t18 = __rax;
    *((long long*)(_t36 + 0x10)) = __rdx;
    *((long long*)(_t36 + 8)) = __rcx;
    _push(_t34);
    _t37 = _t36 - 0x88;
    *((long long*)(_t37 + 0x50)) = __rax;
    *((long long*)(_t37 + 0x58)) = __rax;
    *((long long*)(_t37 + 0x60)) = __rax;
    _t6 = _t18 + 0x58; // 0x58
    r8d = _t6;
    *((intOrPtr*)(_t37 + 0x28)) = 0;
    *((long long*)(_t37 + 0x20)) = __rax;
    _t13 = E00007FF77FF78EC68C20(__rdx, _t37 + 0x20, "1.2.12"); // executed
    r15d = _t13;
    if (_t13 == 0) goto 0x8ec610d3;
    r8d = _t13;
    E00007FF77FF78EC61C50(_t13, _t18, "Failed to extract %s: inflateInit() failed with return code %d!\n", __rdx + 0x12, _t39, _t40, _t44, _t41);
    _t11 = _t34 - 1; // -1
    return _t11;
}

Strings
Memory Dump Source
• Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
Similarity
• API ID:
• String ID: 1.2.12$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 0-1282086711
• Opcode ID: 75a6243a53603546b350babcc92da78dca086f94d88368ce573679b3a2ff7f8a
• Instruction ID: 39124dd5662798df12808b589fba4aeed294afbd56d84886a8dbf7986c7aca7f
• Opcode Fuzzy Hash: 75a6243a53603546b350babcc92da78dca086f94d88368ce573679b3a2ff7f8a
• Instruction Fuzzy Hash: B751D122E0868285EA60BBD5E4403BBA390FF84795FA44139EE4D877A5EF3CE555C720
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 89%
E00007FF77FF78EC7E2C0(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
    void* _t37;
    signed long long _t57;
    intOrPtr _t61;
    signed long long _t72;
    signed long long _t75;
    signed long long _t76;
    long long _t82;
    void* _t86;
    signed long long _t90;
    signed long long _t91;
    long _t93;
    void* _t96;
    WCHAR* _t99;
    WCHAR* _t104;

    *((long long*)(_t86 + 8)) = __rbx;
    *((long long*)(_t86 + 0x10)) = _t82;
    *((long long*)(_t86 + 0x18)) = __rsi;
    _push(_t75);
    r15d = __ecx;
    _t90 =  *0x8ec9d000; // 0xa1f108556e84
    _t76 = _t75 | 0xffffffff;
    _t72 = _t90 ^  *(0x7ff78ec60000 + 0x4cf20 + _t104 * 8);
    asm("dec eax");
    if (_t72 == _t76) goto 0x8ec7e406;
    if (_t72 == 0) goto 0x8ec7e329;
    _t57 = _t72;
    goto 0x8ec7e408;
    if (__r8 == __r9) goto 0x8ec7e3eb;
    _t61 =  *((intOrPtr*)(0x7ff78ec60000 + 0x4ce80 + __rsi * 8));
    if (_t61 == 0) goto 0x8ec7e350;
    if (_t61 != _t76) goto 0x8ec7e445;
    goto 0x8ec7e3d7;
    r8d = 0x800; // executed
    LoadLibraryW(_t104); // executed
    if (_t57 != 0) goto 0x8ec7e425;
    if (GetLastError() != 0x57) goto 0x8ec7e3c5;
    _t14 = _t57 - 0x50; // -80
    _t37 = _t14;
    r8d = _t37;
    if (E00007FF77FF78EC79E9C(_t90) == 0) goto 0x8ec7e3c5;
    r8d = _t37;
    if (E00007FF77FF78EC79E9C(_t90) == 0) goto 0x8ec7e3c5;
    r8d = 0;
    LoadLibraryExW(_t99, _t96, _t93);
    if (_t57 != 0) goto 0x8ec7e425;
    *((intOrPtr*)(0x7ff78ec60000 + 0x4ce80 + __rsi * 8)) = _t76;
    if (__r8 + 4 != __r9) goto 0x8ec7e332;
    _t91 =  *0x8ec9d000; // 0xa1f108556e84
    asm("dec eax");
    *(0x7ff78ec60000 + 0x4cf20 + _t104 * 8) = _t76 ^ _t91;
    return 0;
}

APIs
• FreeLibrary.KERNEL32(?,00000000,?,00007FF78EC7E65E,?,?,-00000018,00007FF78EC7A6C2,?,?,?,00007FF78EC7A5BA,?,?,?,00007FF78EC75282), ref: 00007FF78EC7E43F
• GetProcAddress.KERNEL32(?,00000000,?,00007FF78EC7E65E,?,?,-00000018,00007FF78EC7A6C2,?,?,?,00007FF78EC7A5BA,?,?,?,00007FF78EC75282), ref: 00007FF78EC7E44B
Strings
Memory Dump Source
• Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: api-ms-$ext-ms-
• API String ID: 3013587201-537541572
• Opcode ID: b632b23fbcbe9268c0735088e310e511c0fd73288f0276e0b877c3c5202d005e
• Instruction ID: 5c6499b42bbade3e7b405221895b049090c03eb0a786c22921a57de834e11637
• Opcode Fuzzy Hash: b632b23fbcbe9268c0735088e310e511c0fd73288f0276e0b877c3c5202d005e
• Instruction Fuzzy Hash: 3D41E462F0960285FA51BF9AED04579A396BF45BD0FA84139DD1E4B784EF3CE045C320
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 48%
E00007FF77FF78EC66090(void* __rax, long long __rbx, void* __rcx, long long _a16, short _a24, intOrPtr _a32, long long _a40, long long _a48, long long _a56, long long _a64, intOrPtr _a72, char _a80, long long _a88, short _a96, char _a104, char _a136, long long _a144, intOrPtr _a196, short _a200, signed long long _a216, signed long long _a224, signed long long _a232, char _a248, signed int _a8440, void* _a8480) {
    void* __rdi;
    int _t53;
                                                                                                                                                              				signed long long _t80;
                                                                                                                                                              				signed long long _t81;
                                                                                                                                                              				long long _t102;
                                                                                                                                                              				void* _t103;
                                                                                                                                                              				void* _t104;
                                                                                                                                                              				void* _t107;
                                                                                                                                                              				void* _t109;
                                                                                                                                                              				void* _t110;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              				void* _t112;
                                                                                                                                                              
                                                                                                                                                              				_t84 = __rbx;
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				E00007FF77FF78EC6A070(0x2110, __rax, _t110, _t111);
                                                                                                                                                              				_t105 = _t104 - __rax;
                                                                                                                                                              				_t80 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t81 = _t80 ^ _t104 - __rax;
                                                                                                                                                              				_a8440 = _t81;
                                                                                                                                                              				_t98 = __rcx;
                                                                                                                                                              				_a72 = 0;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				E00007FF77FF78EC66D10(_t81, __rbx,  &_a248, __rcx, _t103, _t107);
                                                                                                                                                              				_t5 = _t102 + 0x16; // 0x16
                                                                                                                                                              				E00007FF77FF78EC77248(_t5, _t84, _t98, _t102, _t112);
                                                                                                                                                              				_t6 = _t102 + 2; // 0x2, executed
                                                                                                                                                              				E00007FF77FF78EC77248(_t6, _t84, _t98, _t102, _t112); // executed
                                                                                                                                                              				_t7 = _t102 + 0xf; // 0xf
                                                                                                                                                              				E00007FF77FF78EC77248(_t7, _t84, _t98, _t102, _t112);
                                                                                                                                                              				_t8 = _t102 + 0x15; // 0x15
                                                                                                                                                              				E00007FF77FF78EC77248(_t8, _t84, _t98, _t102, _t112);
                                                                                                                                                              				_a80 = 0x18;
                                                                                                                                                              				_a88 = _t102;
                                                                                                                                                              				_a96 = 1;
                                                                                                                                                              				GetStartupInfoW(??);
                                                                                                                                                              				asm("xorps xmm0, xmm0");
                                                                                                                                                              				_a144 = _t102;
                                                                                                                                                              				asm("movdqa [esp+0xa0], xmm0");
                                                                                                                                                              				_a196 = 0x101;
                                                                                                                                                              				_a200 = 1;
                                                                                                                                                              				E00007FF77FF78EC740B0(0, _t81);
                                                                                                                                                              				E00007FF77FF78EC76DDC(E00007FF77FF78EC79634(_t81, _t81), _t81);
                                                                                                                                                              				_a216 = _t81;
                                                                                                                                                              				E00007FF77FF78EC740B0(1, _t81);
                                                                                                                                                              				E00007FF77FF78EC76DDC(E00007FF77FF78EC79634(_t81, _t81), _t81);
                                                                                                                                                              				_t17 = _t102 + 2; // 0x2
                                                                                                                                                              				_a224 = _t81;
                                                                                                                                                              				E00007FF77FF78EC740B0(_t17, _t81);
                                                                                                                                                              				E00007FF77FF78EC76DDC(E00007FF77FF78EC79634(_t81, _t81), _t81);
                                                                                                                                                              				_a232 = _t81;
                                                                                                                                                              				GetCommandLineW();
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				_a64 =  &_a104;
                                                                                                                                                              				_a56 =  &_a136;
                                                                                                                                                              				_a48 = _t102;
                                                                                                                                                              				_a40 = _t102;
                                                                                                                                                              				_a32 = 0;
                                                                                                                                                              				_a24 = 1;
                                                                                                                                                              				_t53 = CreateProcessW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??); // executed
                                                                                                                                                              				if (_t53 == 0) goto 0x8ec66211;
                                                                                                                                                              				WaitForSingleObject(??, ??);
                                                                                                                                                              				GetExitCodeProcess(??, ??); // executed
                                                                                                                                                              				goto 0x8ec66229;
                                                                                                                                                              				E00007FF77FF78EC61CB0("CreateProcessW", "Error creating child process!\n",  &_a80, _t109);
                                                                                                                                                              				return E00007FF77FF78EC6A040(0xffffffff, _t50, _a8440 ^ _t105);
                                                                                                                                                              			}
















                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF78EC66D10: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC66D4A
                                                                                                                                                                • Part of subcall function 00007FF78EC77248: SetConsoleCtrlHandler.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF78EC796D4), ref: 00007FF78EC772B5
                                                                                                                                                                • Part of subcall function 00007FF78EC77248: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF78EC796D4), ref: 00007FF78EC772C8
                                                                                                                                                              • GetStartupInfoW.KERNEL32 ref: 00007FF78EC66117
                                                                                                                                                                • Part of subcall function 00007FF78EC79634: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC79648
                                                                                                                                                                • Part of subcall function 00007FF78EC76DDC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC76E43
                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 00007FF78EC6619F
                                                                                                                                                              • CreateProcessW.KERNELBASE ref: 00007FF78EC661E1
                                                                                                                                                              • WaitForSingleObject.KERNEL32 ref: 00007FF78EC661F5
                                                                                                                                                              • GetExitCodeProcess.KERNELBASE ref: 00007FF78EC66205
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                                                                                                                                                              • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                              • API String ID: 1742298069-3524285272
                                                                                                                                                              • Opcode ID: fdd9067c6a50fe7732776f7ed38831473e578611cbd7c4ee754477190f419268
                                                                                                                                                              • Instruction ID: 7cbd434196ad279ae38632431b95ee9182d37c95c03f158c873c0d2124bb22a1
                                                                                                                                                              • Opcode Fuzzy Hash: fdd9067c6a50fe7732776f7ed38831473e578611cbd7c4ee754477190f419268
                                                                                                                                                              • Instruction Fuzzy Hash: 74412132E0868186D710FBA4E8552AEF3A0FB94350FA04139EA9E47B95DF7CD454CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 34%
                                                                                                                                                              			E00007FF77FF78EC7C90C(void* __ebx, signed int __ecx, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10, void* __r11) {
                                                                                                                                                              				signed short _v80;
                                                                                                                                                              				void* _v92;
                                                                                                                                                              				signed int _v96;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                              				long _v112;
                                                                                                                                                              				signed int _v120;
                                                                                                                                                              				long long _v128;
                                                                                                                                                              				signed int _v136;
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				void* _t107;
                                                                                                                                                              				int _t115;
                                                                                                                                                              				long _t116;
                                                                                                                                                              				signed int _t117;
                                                                                                                                                              				void* _t122;
                                                                                                                                                              				signed int _t128;
                                                                                                                                                              				intOrPtr _t146;
                                                                                                                                                              				intOrPtr _t147;
                                                                                                                                                              				void* _t167;
                                                                                                                                                              				signed long long _t180;
                                                                                                                                                              				signed long long _t184;
                                                                                                                                                              				signed long long _t187;
                                                                                                                                                              				signed long long _t206;
                                                                                                                                                              				signed int _t207;
                                                                                                                                                              				void* _t208;
                                                                                                                                                              				void* _t210;
                                                                                                                                                              				void* _t224;
                                                                                                                                                              				void* _t225;
                                                                                                                                                              				void* _t227;
                                                                                                                                                              				signed long long _t228;
                                                                                                                                                              				signed short* _t229;
                                                                                                                                                              				void* _t230;
                                                                                                                                                              				signed short* _t231;
                                                                                                                                                              
                                                                                                                                                              				_t225 = __r11;
                                                                                                                                                              				_t224 = __r10;
                                                                                                                                                              				_t122 = __ebx;
                                                                                                                                                              				r15d = r8d;
                                                                                                                                                              				_t184 = __r9;
                                                                                                                                                              				_t229 = __rdx;
                                                                                                                                                              				if (r8d == 0) goto 0x8ec7cc09;
                                                                                                                                                              				if (__rdx != 0) goto 0x8ec7c973;
                                                                                                                                                              				 *((char*)(__r9 + 0x38)) = 1;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x34)) = 0;
                                                                                                                                                              				 *((char*)(__r9 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				_v128 = __r9;
                                                                                                                                                              				_v136 = _t207;
                                                                                                                                                              				E00007FF77FF78EC7A180(__rax, __r9, __rcx, __rdx, _t208, _t210, __r8);
                                                                                                                                                              				goto 0x8ec7cc0b;
                                                                                                                                                              				_t187 = __ecx >> 6;
                                                                                                                                                              				_v120 = _t187;
                                                                                                                                                              				_t228 = __ecx + __ecx * 8;
                                                                                                                                                              				if (_t208 - 1 - 1 > 0) goto 0x8ec7c9a9;
                                                                                                                                                              				if (( !r15d & 0x00000001) == 0) goto 0x8ec7c93c;
                                                                                                                                                              				if (( *( *((intOrPtr*)(0x8ecaca50 + _t187 * 8)) + 0x38 + _t228 * 8) & 0x00000020) == 0) goto 0x8ec7c9bf;
                                                                                                                                                              				r8d = 0x7ff78ecaca52;
                                                                                                                                                              				0x8ec7bca8();
                                                                                                                                                              				_v96 = _t207;
                                                                                                                                                              				if (E00007FF77FF78EC82AB0(r12d, __ecx) == 0) goto 0x8ec7caf5;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _v120 * 8)) + 0x38 + _t228 * 8)) - dil >= 0) goto 0x8ec7caf5;
                                                                                                                                                              				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0x8ec7ca06;
                                                                                                                                                              				E00007FF77FF78EC735D0( *((intOrPtr*)(0x8ecaca50 + _v120 * 8)), __r9, __r9, _t208);
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t207) goto 0x8ec7ca22;
                                                                                                                                                              				_t180 =  *((intOrPtr*)(0x8ecaca50 + _v120 * 8));
                                                                                                                                                              				if ( *((intOrPtr*)(_t180 + 0x39 + _t228 * 8)) == dil) goto 0x8ec7caf5;
                                                                                                                                                              				if (GetConsoleMode(??, ??) == 0) goto 0x8ec7caea;
                                                                                                                                                              				if (sil == 0) goto 0x8ec7cac7;
                                                                                                                                                              				sil = sil - 1;
                                                                                                                                                              				if (sil - 1 > 0) goto 0x8ec7cb8e;
                                                                                                                                                              				_t227 = _t229 + _t230;
                                                                                                                                                              				_v112 = _t207;
                                                                                                                                                              				_t231 = _t229;
                                                                                                                                                              				if (_t229 - _t227 >= 0) goto 0x8ec7cb84;
                                                                                                                                                              				_v80 =  *_t231 & 0x0000ffff;
                                                                                                                                                              				_t107 = E00007FF77FF78EC82B7C( *_t231 & 0xffff);
                                                                                                                                                              				_t128 = _v80 & 0x0000ffff;
                                                                                                                                                              				if (_t107 != _t128) goto 0x8ec7cab9;
                                                                                                                                                              				_t146 = _v108 + 2;
                                                                                                                                                              				_v108 = _t146;
                                                                                                                                                              				if (_t128 != 0xa) goto 0x8ec7caaa;
                                                                                                                                                              				if (E00007FF77FF78EC82B7C(0xd) != 0xd) goto 0x8ec7cab9;
                                                                                                                                                              				_t147 = _t146 + 1;
                                                                                                                                                              				_v108 = _t147;
                                                                                                                                                              				if ( &(_t231[1]) - _t227 >= 0) goto 0x8ec7cb84;
                                                                                                                                                              				goto 0x8ec7ca6a;
                                                                                                                                                              				_v112 = GetLastError();
                                                                                                                                                              				goto 0x8ec7cb84;
                                                                                                                                                              				r9d = r15d;
                                                                                                                                                              				_v136 = __r9;
                                                                                                                                                              				E00007FF77FF78EC7BF30(0xd, r12d, _t147, __r9,  &_v112, _t229);
                                                                                                                                                              				asm("movsd xmm0, [eax]");
                                                                                                                                                              				goto 0x8ec7cb89;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _v120 * 8)) + 0x38 + _t228 * 8)) - dil >= 0) goto 0x8ec7cb51;
                                                                                                                                                              				_t167 = sil;
                                                                                                                                                              				if (_t167 == 0) goto 0x8ec7cb3d;
                                                                                                                                                              				if (_t167 == 0) goto 0x8ec7cb29;
                                                                                                                                                              				if (_t147 - 1 != 1) goto 0x8ec7cb99;
                                                                                                                                                              				r9d = r15d;
                                                                                                                                                              				E00007FF77FF78EC7C4C0(_t122, r12d, _t180, _t184,  &_v112, _t210, _t229, _t224, _t225);
                                                                                                                                                              				goto 0x8ec7cade;
                                                                                                                                                              				r9d = r15d;
                                                                                                                                                              				E00007FF77FF78EC7C5DC(r12d,  *((intOrPtr*)(_t180 + 8)), _t180, _t184,  &_v112, _t210, _t229, _t224, _t225);
                                                                                                                                                              				goto 0x8ec7cade;
                                                                                                                                                              				r9d = r15d;
                                                                                                                                                              				E00007FF77FF78EC7C3BC(_t122, _t147 - 1, r12d, _t180, _t184,  &_v112, _t210, _t229, _t224, _t225);
                                                                                                                                                              				goto 0x8ec7cade;
                                                                                                                                                              				r8d = r15d;
                                                                                                                                                              				_v136 = _v136 & _t180;
                                                                                                                                                              				_v112 = _t180;
                                                                                                                                                              				_v104 = 0;
                                                                                                                                                              				_t115 = WriteFile(??, ??, ??, ??, ??); // executed
                                                                                                                                                              				if (_t115 != 0) goto 0x8ec7cb81;
                                                                                                                                                              				_t116 = GetLastError();
                                                                                                                                                              				_v112 = _t116;
                                                                                                                                                              				asm("movsd xmm0, [ebp-0x30]");
                                                                                                                                                              				asm("movsd [ebp-0x20], xmm0");
                                                                                                                                                              				if (_t116 != 0) goto 0x8ec7cc02;
                                                                                                                                                              				_t117 = _v96;
                                                                                                                                                              				if (_t117 == 0) goto 0x8ec7cbd8;
                                                                                                                                                              				if (_t117 != 5) goto 0x8ec7cbc8;
                                                                                                                                                              				 *((char*)(_t184 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t184 + 0x2c)) = 9;
                                                                                                                                                              				 *((char*)(_t184 + 0x38)) = 1;
                                                                                                                                                              				 *(_t184 + 0x34) = _t117;
                                                                                                                                                              				goto 0x8ec7c96b;
                                                                                                                                                              				_t206 = _t184;
                                                                                                                                                              				E00007FF77FF78EC75DC4(_v96, _t206);
                                                                                                                                                              				goto 0x8ec7c96b;
                                                                                                                                                              				if (( *( *((intOrPtr*)(0x8ecaca50 + _t206 * 8)) + 0x38 + _t228 * 8) & 0x00000040) == 0) goto 0x8ec7cbea;
                                                                                                                                                              				if ( *_t229 == 0x1a) goto 0x8ec7cc09;
                                                                                                                                                              				 *(_t184 + 0x34) =  *(_t184 + 0x34) & 0x00000000;
                                                                                                                                                              				 *((char*)(_t184 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t184 + 0x2c)) = 0x1c;
                                                                                                                                                              				 *((char*)(_t184 + 0x38)) = 1;
                                                                                                                                                              				goto 0x8ec7c96b;
                                                                                                                                                              				goto 0x8ec7cc0b;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}






































                                                                                                                                                              0x7ff78ec7ca1c
                                                                                                                                                              0x7ff78ec7ca37
                                                                                                                                                              0x7ff78ec7ca40
                                                                                                                                                              0x7ff78ec7ca46
                                                                                                                                                              0x7ff78ec7ca4d
                                                                                                                                                              0x7ff78ec7ca53
                                                                                                                                                              0x7ff78ec7ca57
                                                                                                                                                              0x7ff78ec7ca5b
                                                                                                                                                              0x7ff78ec7ca61
                                                                                                                                                              0x7ff78ec7ca71
                                                                                                                                                              0x7ff78ec7ca75
                                                                                                                                                              0x7ff78ec7ca7a
                                                                                                                                                              0x7ff78ec7ca81
                                                                                                                                                              0x7ff78ec7ca83
                                                                                                                                                              0x7ff78ec7ca86
                                                                                                                                                              0x7ff78ec7ca8d
                                                                                                                                                              0x7ff78ec7caa1
                                                                                                                                                              0x7ff78ec7caa3
                                                                                                                                                              0x7ff78ec7caa5
                                                                                                                                                              0x7ff78ec7cab1
                                                                                                                                                              0x7ff78ec7cab7
                                                                                                                                                              0x7ff78ec7cabf
                                                                                                                                                              0x7ff78ec7cac2
                                                                                                                                                              0x7ff78ec7cac7
                                                                                                                                                              0x7ff78ec7caca
                                                                                                                                                              0x7ff78ec7cad9
                                                                                                                                                              0x7ff78ec7cade
                                                                                                                                                              0x7ff78ec7cae5
                                                                                                                                                              0x7ff78ec7cafe
                                                                                                                                                              0x7ff78ec7cb02
                                                                                                                                                              0x7ff78ec7cb05
                                                                                                                                                              0x7ff78ec7cb0a
                                                                                                                                                              0x7ff78ec7cb0f
                                                                                                                                                              0x7ff78ec7cb15
                                                                                                                                                              0x7ff78ec7cb22
                                                                                                                                                              0x7ff78ec7cb27
                                                                                                                                                              0x7ff78ec7cb29
                                                                                                                                                              0x7ff78ec7cb36
                                                                                                                                                              0x7ff78ec7cb3b
                                                                                                                                                              0x7ff78ec7cb3d
                                                                                                                                                              0x7ff78ec7cb4a
                                                                                                                                                              0x7ff78ec7cb4f
                                                                                                                                                              0x7ff78ec7cb5c
                                                                                                                                                              0x7ff78ec7cb5f
                                                                                                                                                              0x7ff78ec7cb67
                                                                                                                                                              0x7ff78ec7cb6b
                                                                                                                                                              0x7ff78ec7cb6e
                                                                                                                                                              0x7ff78ec7cb76
                                                                                                                                                              0x7ff78ec7cb78
                                                                                                                                                              0x7ff78ec7cb7e
                                                                                                                                                              0x7ff78ec7cb84
                                                                                                                                                              0x7ff78ec7cb89
                                                                                                                                                              0x7ff78ec7cba3
                                                                                                                                                              0x7ff78ec7cba5
                                                                                                                                                              0x7ff78ec7cbaa
                                                                                                                                                              0x7ff78ec7cbaf
                                                                                                                                                              0x7ff78ec7cbb1
                                                                                                                                                              0x7ff78ec7cbb5
                                                                                                                                                              0x7ff78ec7cbbc
                                                                                                                                                              0x7ff78ec7cbc0
                                                                                                                                                              0x7ff78ec7cbc3
                                                                                                                                                              0x7ff78ec7cbcb
                                                                                                                                                              0x7ff78ec7cbce
                                                                                                                                                              0x7ff78ec7cbd3
                                                                                                                                                              0x7ff78ec7cbe2
                                                                                                                                                              0x7ff78ec7cbe8
                                                                                                                                                              0x7ff78ec7cbea
                                                                                                                                                              0x7ff78ec7cbee
                                                                                                                                                              0x7ff78ec7cbf2
                                                                                                                                                              0x7ff78ec7cbf9
                                                                                                                                                              0x7ff78ec7cbfd
                                                                                                                                                              0x7ff78ec7cc07
                                                                                                                                                              0x7ff78ec7cc1b

                                                                                                                                                              APIs
                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF78EC7C8AC), ref: 00007FF78EC7CA2F
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF78EC7C8AC), ref: 00007FF78EC7CAB9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 953036326-0
                                                                                                                                                              • Opcode ID: df05b39e20d6b4a305b54bd5c45073e258c55b21ec4cfff64fadfea93fa7a073
                                                                                                                                                              • Instruction ID: 143c5ee49d4b80e635efe00ad525881e07d830d1ac65c7ec1cc26c676e5775ca
                                                                                                                                                              • Opcode Fuzzy Hash: df05b39e20d6b4a305b54bd5c45073e258c55b21ec4cfff64fadfea93fa7a073
                                                                                                                                                              • Instruction Fuzzy Hash: 65910662E18653A9F750EFA9DC80ABDABA0FB48798FA44135DE4E13694DF38D441C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 97%
                                                                                                                                                              			E00007FF77FF78EC7ECC0(signed int __edx, void* __edi, void* __rcx, void* __rdx, intOrPtr _a40, intOrPtr _a48, intOrPtr _a56) {
                                                                                                                                                              				signed int _v80;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				signed long long _v112;
                                                                                                                                                              				intOrPtr _v116;
                                                                                                                                                              				char _v120;
                                                                                                                                                              				char _v124;
                                                                                                                                                              				char _v128;
                                                                                                                                                              				char _v132;
                                                                                                                                                              				unsigned int _v136;
                                                                                                                                                              				void* _t54;
                                                                                                                                                              				void* _t65;
                                                                                                                                                              				intOrPtr _t67;
                                                                                                                                                              				signed long long _t86;
                                                                                                                                                              				intOrPtr _t88;
                                                                                                                                                              				signed long long _t110;
                                                                                                                                                              				signed long long _t111;
                                                                                                                                                              				intOrPtr* _t118;
                                                                                                                                                              				void* _t120;
                                                                                                                                                              				signed long long _t138;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              
                                                                                                                                                              				_t110 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t111 = _t110 ^ _t143 - 0x00000078;
                                                                                                                                                              				_v80 = _t111;
                                                                                                                                                              				_t67 = __rcx - 0x76c;
                                                                                                                                                              				_t86 = r8d;
                                                                                                                                                              				_v136 = r9d;
                                                                                                                                                              				_t138 = __edx;
                                                                                                                                                              				if (_t67 - 0x46 < 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (_t67 - 0x44d > 0) goto 0x8ec7eea8;
                                                                                                                                                              				r15d = __edx - 1;
                                                                                                                                                              				if (r15d - 0xb > 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (r8d <= 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (r8d -  *((intOrPtr*)(0x8ec97640 + __edx * 4)) -  *((intOrPtr*)(0x8ec97640 + __edx * 4 - 4)) <= 0) goto 0x8ec7ed61;
                                                                                                                                                              				if (E00007FF77FF78EC7EC60(_t67, r8d -  *((intOrPtr*)(0x8ec97640 + __edx * 4)) -  *((intOrPtr*)(0x8ec97640 + __edx * 4 - 4))) == 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (__edi != 2) goto 0x8ec7eea8;
                                                                                                                                                              				if (_t86 - 0x1d > 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (_v136 - 0x17 > 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (r13d - 0x3b > 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (r12d - 0x3b > 0) goto 0x8ec7eea8;
                                                                                                                                                              				_t54 = E00007FF77FF78EC7EC60(_t67, r12d - 0x3b);
                                                                                                                                                              				r14d = 0;
                                                                                                                                                              				if (_t54 == 0) goto 0x8ec7ed98;
                                                                                                                                                              				if (__edi - 2 <= 0) goto 0x8ec7ed98;
                                                                                                                                                              				_t88 = _t86 +  *((intOrPtr*)(0x8ec97640 + _t138 * 4 - 4)) + 1; // executed
                                                                                                                                                              				E00007FF77FF78EC8535C(_t111); // executed
                                                                                                                                                              				_v124 = r14d;
                                                                                                                                                              				_v128 = r14d;
                                                                                                                                                              				_v132 = r14d;
                                                                                                                                                              				if (E00007FF77FF78EC84768(_t111,  &_v124) != 0) goto 0x8ec7eed4;
                                                                                                                                                              				if (E00007FF77FF78EC84798(_t111,  &_v128) != 0) goto 0x8ec7eed4;
                                                                                                                                                              				if (E00007FF77FF78EC847C8(_t111,  &_v132) != 0) goto 0x8ec7eed4;
                                                                                                                                                              				r8d = _t120 - 1;
                                                                                                                                                              				r10d = 0x51eb851f;
                                                                                                                                                              				r9d = r10d * (_t120 + 0x12b) >> 0x20;
                                                                                                                                                              				r9d = r9d >> 7;
                                                                                                                                                              				r9d = r9d + (r9d >> 0x1f);
                                                                                                                                                              				r9d = r9d - (r10d * r8d >> 0x20 >> 5) + (r10d * r8d >> 0x20 >> 5 >> 0x1f);
                                                                                                                                                              				asm("cdq");
                                                                                                                                                              				if (_a56 == 1) goto 0x8ec7eea3;
                                                                                                                                                              				_v92 = _t88;
                                                                                                                                                              				_v100 = _t67;
                                                                                                                                                              				_v104 = r15d;
                                                                                                                                                              				_v112 = r8d;
                                                                                                                                                              				_v116 = r13d;
                                                                                                                                                              				_v120 = r12d;
                                                                                                                                                              				if (_a56 != 0xffffffff) goto 0x8ec7ee9e;
                                                                                                                                                              				if (_v124 == 0) goto 0x8ec7ee9e;
                                                                                                                                                              				if (E00007FF77FF78EC8539C( &_v120) != 0) goto 0x8ec7eea3;
                                                                                                                                                              				goto 0x8ec7eeb7;
                                                                                                                                                              				_t118 = _v128 + ((_v136 + ((__rdx + _t111 >> 2) + 0xffffffef + r9d + (_t67 - 0x46) * 0x16d + _t88 + ((__rdx + _t111 >> 2) + 0xffffffef + r9d + (_t67 - 0x46) * 0x16d + _t88) * 2) * 8) * 0x3c + _a40) * 0x3c + _v132 + _a48;
                                                                                                                                                              				goto 0x8ec7eeb7;
                                                                                                                                                              				_t65 = E00007FF77FF78EC75E08(_t118);
                                                                                                                                                              				 *_t118 = 0x16;
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t65, (__rdx + _t111 >> 2) + 0xffffffef + r9d, _v80 ^ _t143 - 0x00000078);
                                                                                                                                                              			}


























                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4170891091-0
                                                                                                                                                              • Opcode ID: c3e661dd0a8e72af9d0f52d4d715681398ec2a18bb9594ad95e5ad467ce8c58d
                                                                                                                                                              • Instruction ID: 06ea93badd9026419239e24a7e5f13eac1af4206c3a66164dfd7f9841d7124dd
                                                                                                                                                              • Opcode Fuzzy Hash: c3e661dd0a8e72af9d0f52d4d715681398ec2a18bb9594ad95e5ad467ce8c58d
                                                                                                                                                              • Instruction Fuzzy Hash: 3251B573F042228EFB24EFA8DD456BCA7A1BB51398FA0053DDE1D56AD5DB38A402C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 49%
                                                                                                                                                              			E00007FF77FF78EC745DC(intOrPtr __edx, long long __rbx, void* __rcx, void* __r8, intOrPtr* __r9, long long _a16) {
                                                                                                                                                              				signed int _v56;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				signed int _v76;
                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                              				intOrPtr _v112;
                                                                                                                                                              				signed int _v120;
                                                                                                                                                              				signed long long _v128;
                                                                                                                                                              				long long _v136;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				long _t37;
                                                                                                                                                              				intOrPtr _t40;
                                                                                                                                                              				int _t42;
                                                                                                                                                              				signed int _t47;
                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                              				long _t61;
                                                                                                                                                              				signed long long _t78;
                                                                                                                                                              				signed long long _t79;
                                                                                                                                                              				intOrPtr _t89;
                                                                                                                                                              				void* _t102;
                                                                                                                                                              
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				_t78 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t79 = _t78 ^ _t102 - 0x00000080;
                                                                                                                                                              				_v56 = _t79;
                                                                                                                                                              				r14d = __edx; // executed
                                                                                                                                                              				_t37 = GetFileType(??); // executed
                                                                                                                                                              				r15d = 1;
                                                                                                                                                              				asm("btr ecx, 0xf");
                                                                                                                                                              				if (_t37 != r15d) goto 0x8ec746e7;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 8)) = r15w;
                                                                                                                                                              				if (__rcx == 0) goto 0x8ec74656;
                                                                                                                                                              				_v120 = _v120 & 0x00000000;
                                                                                                                                                              				if (E00007FF77FF78EC749FC(__rcx,  &_v120, __r8) == 0) goto 0x8ec746fe;
                                                                                                                                                              				_t40 = _v120 - 1;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x10)) = _t40;
                                                                                                                                                              				 *__r9 = _t40;
                                                                                                                                                              				asm("xorps xmm0, xmm0");
                                                                                                                                                              				asm("movups [ebp-0x48], xmm0");
                                                                                                                                                              				_v64 = 0;
                                                                                                                                                              				asm("movups [ebp-0x38], xmm0");
                                                                                                                                                              				asm("movups [ebp-0x28], xmm0"); // executed
                                                                                                                                                              				_t42 = GetFileInformationByHandle(??, ??); // executed
                                                                                                                                                              				if (_t42 == 0) goto 0x8ec74702;
                                                                                                                                                              				_t60 = _v112;
                                                                                                                                                              				_t96 = __rcx;
                                                                                                                                                              				 *((short*)(__r9 + 6)) = E00007FF77FF78EC748C0(_t60, __r9, __rcx, __r8, _t102);
                                                                                                                                                              				E00007FF77FF78EC74784(_t60, _v92, _t96); // executed
                                                                                                                                                              				 *(__r9 + 0x20) = _t79;
                                                                                                                                                              				E00007FF77FF78EC74784(_t60, _v100, _t79); // executed
                                                                                                                                                              				_t89 = _v108;
                                                                                                                                                              				 *(__r9 + 0x18) = _t79;
                                                                                                                                                              				E00007FF77FF78EC74784(_t60, _t89,  *(__r9 + 0x20)); // executed
                                                                                                                                                              				 *(__r9 + 0x28) = _t79;
                                                                                                                                                              				 *(__r9 + 0x14) =  *(__r9 + 0x14) & 0x00000000;
                                                                                                                                                              				if (_v80 != 0) goto 0x8ec746da;
                                                                                                                                                              				_t47 = _v76;
                                                                                                                                                              				if (_t47 - 0x7fffffff > 0) goto 0x8ec746da;
                                                                                                                                                              				 *(__r9 + 0x14) = _t47;
                                                                                                                                                              				goto 0x8ec7475e;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t79);
                                                                                                                                                              				 *_t79 = 0x84;
                                                                                                                                                              				goto 0x8ec746fe;
                                                                                                                                                              				_t25 = _t89 - 2; // -2
                                                                                                                                                              				if (_t25 - r15d <= 0) goto 0x8ec74711;
                                                                                                                                                              				if (_t60 != 0) goto 0x8ec74702;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t79);
                                                                                                                                                              				 *_t79 = 9;
                                                                                                                                                              				goto 0x8ec74761;
                                                                                                                                                              				_t61 = GetLastError();
                                                                                                                                                              				E00007FF77FF78EC75D7C(_t61, _t79, _t89);
                                                                                                                                                              				goto 0x8ec746fe;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 8)) = r15w;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x10)) = r14d;
                                                                                                                                                              				 *__r9 = r14d;
                                                                                                                                                              				_t55 =  ==  ? 0x2000 : 0x1000;
                                                                                                                                                              				 *((short*)(__r9 + 6)) =  ==  ? 0x2000 : 0x1000;
                                                                                                                                                              				if (_t61 == 2) goto 0x8ec7475e;
                                                                                                                                                              				_v128 = _v128 & 0x00000000;
                                                                                                                                                              				_v136 =  &_v120;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				if (PeekNamedPipe(??, ??, ??, ??, ??, ??) == 0) goto 0x8ec7475e;
                                                                                                                                                              				 *(__r9 + 0x14) = _v120;
                                                                                                                                                              				return E00007FF77FF78EC6A040(r15b, _v120, _v56 ^ _t102 - 0x00000080);
                                                                                                                                                              			}


























                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2780335769-0
                                                                                                                                                              • Opcode ID: 6eaa4ef96a403fe5916438ab277e3d4369226d7cf89e13e50e0c4077950b2f56
                                                                                                                                                              • Instruction ID: b38cc72efa3c2a6e092326ef99578d394c361f2534a5f1e98c43cf08dc122f6a
                                                                                                                                                              • Opcode Fuzzy Hash: 6eaa4ef96a403fe5916438ab277e3d4369226d7cf89e13e50e0c4077950b2f56
                                                                                                                                                              • Instruction Fuzzy Hash: 56519A22E086418AFB10EFF5D8513BDA7B5BB48B88FA08534DE0D5B689DF38D481C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                              • Opcode ID: 390b95db17affa4f208a6eb99fe2f87c4499dc450baf817df354288345797a4a
                                                                                                                                                              • Instruction ID: f2cf2d6351d62502ccdba2e68ebe3eacc76c4566abdf5f664deac7cd727edc8f
                                                                                                                                                              • Opcode Fuzzy Hash: 390b95db17affa4f208a6eb99fe2f87c4499dc450baf817df354288345797a4a
                                                                                                                                                              • Instruction Fuzzy Hash: 7D418132E2878183E750ABE4D940379A260FB957A4F609334EA6C03AD1DF7CE5E4C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                              			E00007FF77FF78EC6A1AC(intOrPtr* __rax, long long __rbx, long long __rsi, void* __r8, long long _a8, long long _a16) {
                                                                                                                                                              				char _v24;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				void* _t11;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				intOrPtr* _t56;
                                                                                                                                                              				intOrPtr* _t57;
                                                                                                                                                              
                                                                                                                                                              				_t58 = __rbx;
                                                                                                                                                              				_t56 = __rax;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t9 = E00007FF77FF78EC6A62C(1); // executed
                                                                                                                                                              				if (_t9 == 0) goto 0x8ec6a303;
                                                                                                                                                              				sil = 0;
                                                                                                                                                              				_v24 = sil;
                                                                                                                                                              				_t10 = E00007FF77FF78EC6A5F0();
                                                                                                                                                              				_t36 =  *0x8ecac560; // 0x2
                                                                                                                                                              				if (_t36 == 1) goto 0x8ec6a30e;
                                                                                                                                                              				if (_t36 != 0) goto 0x8ec6a239;
                                                                                                                                                              				 *0x8ecac560 = 1;
                                                                                                                                                              				_t11 = E00007FF77FF78EC78B18(__rbx, 0x8ec8a3a0, 0x8ec8a3e0); // executed
                                                                                                                                                              				if (_t11 == 0) goto 0x8ec6a21a;
                                                                                                                                                              				goto 0x8ec6a2f3;
                                                                                                                                                              				E00007FF77FF78EC78AD4(_t58, 0x8ec8a388, 0x8ec8a398); // executed
                                                                                                                                                              				 *0x8ecac560 = 2;
                                                                                                                                                              				goto 0x8ec6a241;
                                                                                                                                                              				sil = 1;
                                                                                                                                                              				_v24 = sil;
                                                                                                                                                              				E00007FF77FF78EC6A944(E00007FF77FF78EC6A79C(_t10, 0x8ec8a398));
                                                                                                                                                              				if ( *_t56 == 0) goto 0x8ec6a274;
                                                                                                                                                              				if (E00007FF77FF78EC6A704(_t56, _t56) == 0) goto 0x8ec6a274;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t57 =  *_t56;
                                                                                                                                                              				E00007FF77FF78EC6A94C( *0x8ec8a360());
                                                                                                                                                              				if ( *_t57 == 0) goto 0x8ec6a296;
                                                                                                                                                              				if (E00007FF77FF78EC6A704(_t57, _t57) == 0) goto 0x8ec6a296;
                                                                                                                                                              				_t67 =  *_t57;
                                                                                                                                                              				E00007FF77FF78EC78E34( *_t57);
                                                                                                                                                              				E00007FF77FF78EC6E2F8(E00007FF77FF78EC6E300(E00007FF77FF78EC78A7C(_t43,  *_t57, __rsi)));
                                                                                                                                                              				_t78 = _t57;
                                                                                                                                                              				_t70 =  *_t57;
                                                                                                                                                              				_t24 = E00007FF77FF78EC61000( *_t57, _t57,  *_t57); // executed
                                                                                                                                                              				if (E00007FF77FF78EC6AAB0(_t57) == 0) goto 0x8ec6a318;
                                                                                                                                                              				if (sil != 0) goto 0x8ec6a2cd;
                                                                                                                                                              				E00007FF77FF78EC78E18( *_t57,  *_t57, _t57);
                                                                                                                                                              				E00007FF77FF78EC6A7C0(1, 0);
                                                                                                                                                              				_t28 = _t24;
                                                                                                                                                              				if (E00007FF77FF78EC6AAB0(_t57) == 0) goto 0x8ec6a320;
                                                                                                                                                              				if (_v24 != 0) goto 0x8ec6a2f1;
                                                                                                                                                              				E00007FF77FF78EC78E08(_t67, _t70, _t78);
                                                                                                                                                              				return _t28;
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3058843127-0
                                                                                                                                                              • Opcode ID: e5e3ea882dc0bb376d34f14d5af4821e16f87c6062b833b77fef9bfc3619a739
                                                                                                                                                              • Instruction ID: 1bccb98eeed0e2245a30b4c90416304caacb068387d0280c778d54d4eeaa75aa
                                                                                                                                                              • Opcode Fuzzy Hash: e5e3ea882dc0bb376d34f14d5af4821e16f87c6062b833b77fef9bfc3619a739
                                                                                                                                                              • Instruction Fuzzy Hash: B6313621E4865246EA44BBE6D5113BBE391BF45784FE44039EA4E4B2B3DF3DE804C260
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 28%
                                                                                                                                                              			E00007FF77FF78EC78D2C() {
                                                                                                                                                              				void* _t1;
                                                                                                                                                              				void* _t6;
                                                                                                                                                              				void* _t11;
                                                                                                                                                              
                                                                                                                                                              				_t1 = E00007FF77FF78EC78D60(); // executed
                                                                                                                                                              				if (_t1 == 0) goto 0x8ec78d4e;
                                                                                                                                                              				GetCurrentProcess();
                                                                                                                                                              				E00007FF77FF78EC78D90(TerminateProcess(??, ??), _t6, _t11);
                                                                                                                                                              				ExitProcess(??);
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                              • Opcode ID: 2739020fbf1cdf8a1f36dbda9851b54ada907a9a0b372ffa0afda25bde580b5b
                                                                                                                                                              • Instruction ID: d0d7d13575edee5431aee149a8fca9b5a73ab0deaa2d30ec245bb9c19437616e
                                                                                                                                                              • Opcode Fuzzy Hash: 2739020fbf1cdf8a1f36dbda9851b54ada907a9a0b372ffa0afda25bde580b5b
                                                                                                                                                              • Instruction Fuzzy Hash: F4D01710F0832A42EA983BB19D451BA92517F68740FA01838CE1F06392CF3CE808C220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC6E618(intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, long long __r9, long long _a8, long long _a32) {
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a32 = __r9;
                                                                                                                                                              				if (__r8 == 0) goto 0x8ec6e659;
                                                                                                                                                              				if (__r9 == 0) goto 0x8ec6e659;
                                                                                                                                                              				if (__rcx != 0) goto 0x8ec6e670;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				return 0;
                                                                                                                                                              			}




                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: ff961ccf907298f6c75efeaf27b07b5a3350d64c25d99305a78acfb177265596
                                                                                                                                                              • Instruction ID: 335ce16c8f688a51c9fddb1417128fd6063d694cdeb340d0360e5da273e3b69f
                                                                                                                                                              • Opcode Fuzzy Hash: ff961ccf907298f6c75efeaf27b07b5a3350d64c25d99305a78acfb177265596
                                                                                                                                                              • Instruction Fuzzy Hash: 5A51D831F0924689FE64BEAAD50067BE641BF44BA4FA4423ADD6C077E5DF3CE501C620
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00007FF77FF78EC77248(void* __ecx, long long __rbx, signed int __rdx, long long __rdi, long long __r14, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				signed long long _v24;
                                                                                                                                                              				int _t20;
                                                                                                                                                              				long _t21;
                                                                                                                                                              				void* _t29;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				void* _t53;
                                                                                                                                                              				void* _t64;
                                                                                                                                                              				signed int* _t66;
                                                                                                                                                              				signed long long _t67;
                                                                                                                                                              				void* _t68;
                                                                                                                                                              				void* _t69;
                                                                                                                                                              				void* _t70;
                                                                                                                                                              				intOrPtr* _t71;
                                                                                                                                                              				signed long long _t74;
                                                                                                                                                              				void* _t77;
                                                                                                                                                              				intOrPtr _t78;
                                                                                                                                                              				void* _t80;
                                                                                                                                                              				signed long long* _t85;
                                                                                                                                                              				void* _t89;
                                                                                                                                                              				signed long long _t93;
                                                                                                                                                              				intOrPtr _t95;
                                                                                                                                                              				signed long long _t96;
                                                                                                                                                              				void* _t97;
                                                                                                                                                              				void* _t98;
                                                                                                                                                              				signed long long _t102;
                                                                                                                                                              				signed long long _t106;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rdi;
                                                                                                                                                              				_a24 = __r14;
                                                                                                                                                              				_t43 = __ecx;
                                                                                                                                                              				_t66 = __rdx - 3;
                                                                                                                                                              				if (_t66 - 1 <= 0) goto 0x8ec773ed;
                                                                                                                                                              				_t45 = __ecx - 0x16;
                                                                                                                                                              				if (_t45 > 0) goto 0x8ec77332;
                                                                                                                                                              				asm("bt eax, ecx");
                                                                                                                                                              				if (_t45 >= 0) goto 0x8ec77332;
                                                                                                                                                              				r15d = 0;
                                                                                                                                                              				E00007FF77FF78EC7FB48();
                                                                                                                                                              				if (__ecx == 2) goto 0x8ec772a0;
                                                                                                                                                              				if (__ecx != 0x15) goto 0x8ec772d9;
                                                                                                                                                              				if ( *0x8ecac784 != 0) goto 0x8ec772d9;
                                                                                                                                                              				_t20 = SetConsoleCtrlHandler(??, ??); // executed
                                                                                                                                                              				if (_t20 == 0) goto 0x8ec772c8;
                                                                                                                                                              				 *0x8ecac784 = 1;
                                                                                                                                                              				goto 0x8ec772d9;
                                                                                                                                                              				_t21 = GetLastError();
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t66);
                                                                                                                                                              				 *_t66 = _t21;
                                                                                                                                                              				E00007FF77FF78EC76F3C(__ecx, _t20);
                                                                                                                                                              				if (_t66 == 0) goto 0x8ec77318;
                                                                                                                                                              				_t93 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t106 = _t93 ^  *_t66;
                                                                                                                                                              				asm("dec ecx");
                                                                                                                                                              				_v24 = _t106;
                                                                                                                                                              				if (__rdx == 2) goto 0x8ec77318;
                                                                                                                                                              				asm("dec ecx");
                                                                                                                                                              				_t102 = __rdx ^ _t93;
                                                                                                                                                              				 *_t66 = _t102;
                                                                                                                                                              				E00007FF77FF78EC7FBA8();
                                                                                                                                                              				if (1 != 0) goto 0x8ec773ed;
                                                                                                                                                              				_t67 = _t106;
                                                                                                                                                              				goto 0x8ec7740b;
                                                                                                                                                              				_t53 = __ecx - 0xb;
                                                                                                                                                              				if (_t53 > 0) goto 0x8ec773ed;
                                                                                                                                                              				asm("bt eax, edi");
                                                                                                                                                              				if (_t53 >= 0) goto 0x8ec773ed;
                                                                                                                                                              				E00007FF77FF78EC7AC28(_t67, __rbx, 0x7ff78ec76ea0, __rdx, _t89, _t97);
                                                                                                                                                              				_t74 = _t67;
                                                                                                                                                              				if (_t67 == 0) goto 0x8ec773ed;
                                                                                                                                                              				_t77 =  *_t67;
                                                                                                                                                              				_t68 = _t77;
                                                                                                                                                              				if (_t77 != 0x8ec91720) goto 0x8ec77398;
                                                                                                                                                              				_t78 =  *0x8ec917e8; // 0xc0
                                                                                                                                                              				E00007FF77FF78EC7CFA0(_t68, _t78);
                                                                                                                                                              				 *_t74 = _t68;
                                                                                                                                                              				if (_t68 == 0) goto 0x8ec773ed;
                                                                                                                                                              				E00007FF77FF78EC6ADF0();
                                                                                                                                                              				_t80 =  *_t74;
                                                                                                                                                              				_t69 = _t80;
                                                                                                                                                              				_t95 =  *0x8ec917e0; // 0xc
                                                                                                                                                              				_t96 = _t95 + _t95;
                                                                                                                                                              				goto 0x8ec773b1;
                                                                                                                                                              				if ( *((intOrPtr*)(_t69 + 4)) == _t43) goto 0x8ec773b8;
                                                                                                                                                              				_t70 = _t69 + 0x10;
                                                                                                                                                              				if (_t70 != _t69 + _t96 * 8) goto 0x8ec773a8;
                                                                                                                                                              				if (_t70 == 0) goto 0x8ec773ed;
                                                                                                                                                              				_t11 = _t70 + 8; // 0x8
                                                                                                                                                              				_t85 = _t11;
                                                                                                                                                              				if (_t102 == 2) goto 0x8ec773e8;
                                                                                                                                                              				_t98 = _t80 + _t96 * 8;
                                                                                                                                                              				if (_t70 == _t98) goto 0x8ec773e8;
                                                                                                                                                              				if ( *((intOrPtr*)(_t85 - 4)) != _t43) goto 0x8ec773e8;
                                                                                                                                                              				 *_t85 = _t102;
                                                                                                                                                              				_t15 =  &(_t85[2]) - 8; // -16
                                                                                                                                                              				if (_t15 != _t98) goto 0x8ec773d3;
                                                                                                                                                              				_t71 =  *_t85;
                                                                                                                                                              				goto 0x8ec7740b;
                                                                                                                                                              				_t64 = _t43 - 0x11;
                                                                                                                                                              				if (_t64 > 0) goto 0x8ec773fc;
                                                                                                                                                              				asm("bt eax, edi");
                                                                                                                                                              				if (_t64 < 0) goto 0x8ec77407;
                                                                                                                                                              				_t29 = E00007FF77FF78EC75E08(_t71);
                                                                                                                                                              				 *_t71 = 0x16;
                                                                                                                                                              				return _t29;
                                                                                                                                                              			}































                                                                                                                                                              APIs
                                                                                                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF78EC796D4), ref: 00007FF78EC772B5
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF78EC796D4), ref: 00007FF78EC772C8
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleCtrlErrorHandlerLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3113525192-0
                                                                                                                                                              • Opcode ID: 2f8090beb6b2e1911ce0735fdaa1e879e13002fbf5d59bbda86532b115075e6e
                                                                                                                                                              • Instruction ID: da66373fed9156a70426fe89a55d361ad63daf14929bd44033ec9a6ce27f5ee2
                                                                                                                                                              • Opcode Fuzzy Hash: 2f8090beb6b2e1911ce0735fdaa1e879e13002fbf5d59bbda86532b115075e6e
                                                                                                                                                              • Instruction Fuzzy Hash: 3F51BC62F0A74681FA11BB99D8902BDA695BF81B81FE54936DE5D033D1DF7CE890C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF78EC7BDA0(void* __ecx, long long __rbx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                              				signed char _t53;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              				long long _t77;
                                                                                                                                                              				intOrPtr _t78;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              				long _t98;
                                                                                                                                                              
                                                                                                                                                              				_t73 = _t95;
                                                                                                                                                              				 *((long long*)(_t73 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t73 + 0x10)) = __rbp;
                                                                                                                                                              				 *((long long*)(_t73 + 0x18)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t73 + 0x20)) = __rdi;
                                                                                                                                                              				r14d = 0;
                                                                                                                                                              				_t77 =  *((intOrPtr*)(0x7ff78ecaca78)) + 2;
                                                                                                                                                              				if (_t77 - 1 <= 0) goto 0x8ec7bdf3;
                                                                                                                                                              				 *0x7FF78ECACA88 =  *0x7FF78ECACA88 | 0x00000080;
                                                                                                                                                              				goto 0x8ec7be7e;
                                                                                                                                                              				 *0x7FF78ECACA88 = 0x81;
                                                                                                                                                              				if (0 == 0) goto 0x8ec7be14;
                                                                                                                                                              				if (0 == 0) goto 0x8ec7be0d;
                                                                                                                                                              				goto 0x8ec7be19;
                                                                                                                                                              				goto 0x8ec7be19;
                                                                                                                                                              				GetStdHandle(_t98);
                                                                                                                                                              				_t21 = _t77 + 1; // 0x1
                                                                                                                                                              				if (_t21 - 1 <= 0) goto 0x8ec7be59;
                                                                                                                                                              				_t53 = GetFileType(??); // executed
                                                                                                                                                              				if (_t53 == 0) goto 0x8ec7be59;
                                                                                                                                                              				_t54 = _t53 & 0x000000ff;
                                                                                                                                                              				 *((long long*)(0x7ff78ecaca78)) = _t77;
                                                                                                                                                              				if (_t54 != 2) goto 0x8ec7be4d;
                                                                                                                                                              				 *0x7FF78ECACA88 =  *0x7FF78ECACA88 | 0x00000040;
                                                                                                                                                              				goto 0x8ec7be7e;
                                                                                                                                                              				if (_t54 != 3) goto 0x8ec7be7e;
                                                                                                                                                              				 *0x7FF78ECACA88 =  *0x7FF78ECACA88 | 0x00000008;
                                                                                                                                                              				goto 0x8ec7be7e;
                                                                                                                                                              				 *0x7FF78ECACA88 =  *0x7FF78ECACA88 | 0x00000040;
                                                                                                                                                              				 *((long long*)( *0x7FF794A1A7B8 + 0x28)) = 0xfffffffe;
                                                                                                                                                              				_t78 =  *0x8ecac778; // 0x0
                                                                                                                                                              				if (_t78 == 0) goto 0x8ec7be7e;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(_t98 + _t78)) + 0x18)) = 0xfffffffe;
                                                                                                                                                              				if (1 != 3) goto 0x8ec7bdbe;
                                                                                                                                                              				return _t54;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                              • Opcode ID: 94318e8cf8a7b71dcb4138edf811e4b714f185fee6d3a367285caa89e278a853
                                                                                                                                                              • Instruction ID: d02cac84a75c31793aa34ee659382fb19611964e9138f72c9265c94562b87e7f
                                                                                                                                                              • Opcode Fuzzy Hash: 94318e8cf8a7b71dcb4138edf811e4b714f185fee6d3a367285caa89e278a853
                                                                                                                                                              • Instruction Fuzzy Hash: C431C721E18B4591D7609BA9D980178BA51FB45BF0FB8073ADB6E073E0CF38E461D350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                                              			E00007FF77FF78EC6A0C0(intOrPtr* __rax) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t2;
                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                              				void* _t20;
                                                                                                                                                              				intOrPtr* _t32;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              
                                                                                                                                                              				_t32 = __rax;
                                                                                                                                                              				E00007FF77FF78EC78080(_t2, 1);
                                                                                                                                                              				E00007FF77FF78EC755AC(E00007FF77FF78EC6A8F4(), __rax, _t34);
                                                                                                                                                              				_t6 = E00007FF77FF78EC64520();
                                                                                                                                                              				E00007FF77FF78EC78FD0(_t6);
                                                                                                                                                              				 *_t32 = _t6;
                                                                                                                                                              				if (E00007FF77FF78EC6A678(1, _t32) == 0) goto 0x8ec6a16b;
                                                                                                                                                              				E00007FF77FF78EC6AB7C(_t33);
                                                                                                                                                              				E00007FF77FF78EC6A828(E00007FF77FF78EC6A678(1, _t32), _t32);
                                                                                                                                                              				if (E00007FF77FF78EC78314(E00007FF77FF78EC6A8EC(), _t32, _t33, E00007FF77FF78EC6ABC0, _t37) != 0) goto 0x8ec6a16b;
                                                                                                                                                              				E00007FF77FF78EC6A8FC();
                                                                                                                                                              				if (E00007FF77FF78EC6A938() == 0) goto 0x8ec6a133;
                                                                                                                                                              				E00007FF77FF78EC62470(E00007FF77FF78EC62470(E00007FF77FF78EC780E8(_t13, 0x7ff78ec64520)));
                                                                                                                                                              				E00007FF77FF78EC78F30(E00007FF77FF78EC64520(), _t32, 0x7ff78ec64520);
                                                                                                                                                              				if (E00007FF77FF78EC6A910() == 0) goto 0x8ec6a157; // executed
                                                                                                                                                              				0x8ec78acc(); // executed
                                                                                                                                                              				_t20 = E00007FF77FF78EC64520();
                                                                                                                                                              				0x8ec6aaa8();
                                                                                                                                                              				if (_t20 != 0) goto 0x8ec6a16b;
                                                                                                                                                              				return _t20;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3548387204-0
                                                                                                                                                              • Opcode ID: ac4647f365047c21b947ff21438f1dfebbf13be18e0a439c5f7d00969711d5ce
                                                                                                                                                              • Instruction ID: 0aa28afaec50b47277d5f2303e99237a0841f772432d9d68d10850e41a8830d5
                                                                                                                                                              • Opcode Fuzzy Hash: ac4647f365047c21b947ff21438f1dfebbf13be18e0a439c5f7d00969711d5ce
                                                                                                                                                              • Instruction Fuzzy Hash: 52117761E1D20281FA0472F5D8122BB91913F88344FE5143AEA5D862E3EF3CE841C672
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E00007FF77FF78EC7A4C8(signed int __ecx, void* __edx, void* __edi, void* __eflags, void* __rax, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				int _t22;
                                                                                                                                                              				long _t29;
                                                                                                                                                              				intOrPtr _t51;
                                                                                                                                                              				void* _t65;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t65 = __rdx;
                                                                                                                                                              				E00007FF77FF78EC76DDC(__edi, __rax);
                                                                                                                                                              				if (__rax != 0xffffffff) goto 0x8ec7a4ee;
                                                                                                                                                              				goto 0x8ec7a548;
                                                                                                                                                              				_t51 =  *0x8ecaca50; // 0x2176c615d60
                                                                                                                                                              				if (__edi != 1) goto 0x8ec7a508;
                                                                                                                                                              				if (( *(_t51 + 0xc8) & dil) != 0) goto 0x8ec7a515;
                                                                                                                                                              				if (__edi != 2) goto 0x8ec7a52c;
                                                                                                                                                              				if (( *(_t51 + 0x80) & 0x00000001) == 0) goto 0x8ec7a52c;
                                                                                                                                                              				E00007FF77FF78EC76DDC(2, _t51);
                                                                                                                                                              				E00007FF77FF78EC76DDC(1, _t51);
                                                                                                                                                              				if (_t51 == _t51) goto 0x8ec7a4ea;
                                                                                                                                                              				E00007FF77FF78EC76DDC(__edi, _t51);
                                                                                                                                                              				_t22 = FindCloseChangeNotification(??); // executed
                                                                                                                                                              				if (_t22 != 0) goto 0x8ec7a4ea;
                                                                                                                                                              				_t29 = GetLastError();
                                                                                                                                                              				E00007FF77FF78EC76D20(_t23, _t29, __edi, _t51, __ecx, _t65);
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(0x8ecaca50 + (__ecx >> 6) * 8)) + 0x38 + (__ecx + __ecx * 8) * 8)) = 0;
                                                                                                                                                              				if (_t29 == 0) goto 0x8ec7a583;
                                                                                                                                                              				E00007FF77FF78EC75DC4(_t29, _t65);
                                                                                                                                                              				goto 0x8ec7a585;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF78EC7A345,?,?,00000000,00007FF78EC7A3FA), ref: 00007FF78EC7A536
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF78EC7A345,?,?,00000000,00007FF78EC7A3FA), ref: 00007FF78EC7A540
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1687624791-0
                                                                                                                                                              • Opcode ID: 6df09b5d312745fd4b88d0075a89d3a0a87329057c91ac2151b374d90935292b
                                                                                                                                                              • Instruction ID: ab19a64d108ffa79b9c35c6b1f2a2273bd06a5c7c9929570c6e3dbba217cedcc
                                                                                                                                                              • Opcode Fuzzy Hash: 6df09b5d312745fd4b88d0075a89d3a0a87329057c91ac2151b374d90935292b
                                                                                                                                                              • Instruction Fuzzy Hash: 8A21C611F2C64245FF9477A9D9952B99291BF447A0FA44235D92E473C2DF7CE445C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E00007FF77FF78EC81F2C(signed int __rax, long long __rbx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				signed long long _t25;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				GetEnvironmentStringsW();
                                                                                                                                                              				if (__rax == 0) goto 0x8ec81fb3;
                                                                                                                                                              				if ( *__rax == 0) goto 0x8ec81f72;
                                                                                                                                                              				_t25 = (__rax | 0xffffffff) + 1;
                                                                                                                                                              				if ( *((intOrPtr*)(__rax + _t25 * 2)) != 0) goto 0x8ec81f5c;
                                                                                                                                                              				if ( *((intOrPtr*)(__rax + _t25 * 2 + 2)) != 0) goto 0x8ec81f58;
                                                                                                                                                              				E00007FF77FF78EC7CFA0(_t25, (__rax + _t25 * 2 + 2 - __rax + 2 >> 1) + (__rax + _t25 * 2 + 2 - __rax + 2 >> 1)); // executed
                                                                                                                                                              				if (_t25 == 0) goto 0x8ec81fa0;
                                                                                                                                                              				E00007FF77FF78EC6ADF0();
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t25, _t25);
                                                                                                                                                              				return FreeEnvironmentStringsW(??);
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF78EC7852A,?,?,00000000,00007FF78EC78A1E,?,?,?,?,00007FF78EC808D4,?,?,00000000), ref: 00007FF78EC81F40
                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF78EC7852A,?,?,00000000,00007FF78EC78A1E,?,?,?,?,00007FF78EC808D4,?,?,00000000), ref: 00007FF78EC81FAA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: EnvironmentStrings$Free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3328510275-0
                                                                                                                                                              • Opcode ID: d845596f13a80c05a5bcafccd6440ff9d8e81ab330dfce5f9c100fa5c927362c
                                                                                                                                                              • Instruction ID: 4deaddf376df0d224a1e2e10715264c3e627093c1af04966b703097aeed4863e
                                                                                                                                                              • Opcode Fuzzy Hash: d845596f13a80c05a5bcafccd6440ff9d8e81ab330dfce5f9c100fa5c927362c
                                                                                                                                                              • Instruction Fuzzy Hash: D6016521E1876541EA10BF95A51006AE3A0BF59FE0BE84634EF6E137C9DF3CE842C350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF78EC7BABC(signed int __ecx, void* __edx, void* __edi, void* __eflags, void* __rax, long long __rbx, void* __rdx, long long __rsi, long long __rbp, void* __r9, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				int _t22;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				E00007FF77FF78EC76DDC(__edi, __rax);
                                                                                                                                                              				if (__rax != 0xffffffff) goto 0x8ec7bafa;
                                                                                                                                                              				 *((char*)(__r9 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x2c)) = 9;
                                                                                                                                                              				goto 0x8ec7bb50;
                                                                                                                                                              				r9d = r8d;
                                                                                                                                                              				_t22 = SetFilePointerEx(??, ??, ??, ??); // executed
                                                                                                                                                              				if (_t22 != 0) goto 0x8ec7bb24;
                                                                                                                                                              				_t24 = E00007FF77FF78EC75DC4(GetLastError(), __r9);
                                                                                                                                                              				goto 0x8ec7baf4;
                                                                                                                                                              				if (_v24 == 0xffffffff) goto 0x8ec7baf4;
                                                                                                                                                              				 *( *((intOrPtr*)(0x8ecaca50 + (__ecx >> 6) * 8)) + 0x38 + (__ecx + __ecx * 8) * 8) =  *( *((intOrPtr*)(0x8ecaca50 + (__ecx >> 6) * 8)) + 0x38 + (__ecx + __ecx * 8) * 8) & 0x000000fd;
                                                                                                                                                              				return _t24;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF78EC7BA5C,?,?,?,?,00000000,?,?,00007FF78EC7BBB1), ref: 00007FF78EC7BB08
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00007FF78EC7BA5C,?,?,?,?,00000000,?,?,00007FF78EC7BBB1), ref: 00007FF78EC7BB12
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                              • Opcode ID: ddacae6aa89976049064c496390e2f418d38dbd4df1d4b0c029dff0bf2143edf
                                                                                                                                                              • Instruction ID: 6c2d04c909bd96f33cb6800f744c9fbf279e590fa41a293701462e30ea00b8d1
                                                                                                                                                              • Opcode Fuzzy Hash: ddacae6aa89976049064c496390e2f418d38dbd4df1d4b0c029dff0bf2143edf
                                                                                                                                                              • Instruction Fuzzy Hash: 8E110461F08A9185DA10AB6AE9441B9A762FB44BF0FA44331EE7D0B7D8DF7CD010C750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC74699), ref: 00007FF78EC747B7
                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC74699), ref: 00007FF78EC747CD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                              • Opcode ID: 40cd053a4a77d0828c45793dd0685d93c9fdf8fa582ea42d2a9a6ce314da643c
                                                                                                                                                              • Instruction ID: 0098cd925bb363da4636ee70440334c553ab12efae4d09afffca78242f84923a
                                                                                                                                                              • Opcode Fuzzy Hash: 40cd053a4a77d0828c45793dd0685d93c9fdf8fa582ea42d2a9a6ce314da643c
                                                                                                                                                              • Instruction Fuzzy Hash: 8D117731E0C75281EB54AB99E85117BF7A0FB85765FA0023AFAAD819E4EF3CD054CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC766E5), ref: 00007FF78EC7688B
                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC766E5), ref: 00007FF78EC768A1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                              • Opcode ID: b0a876e5b4efe6886098bed98d7bfd7bac4ab3368499571b6693e9ded2bf2281
                                                                                                                                                              • Instruction ID: 6b7d0372e2a2dffc4b5da9575838276c5063e26519e43f67c8d895c41d68b011
                                                                                                                                                              • Opcode Fuzzy Hash: b0a876e5b4efe6886098bed98d7bfd7bac4ab3368499571b6693e9ded2bf2281
                                                                                                                                                              • Instruction Fuzzy Hash: DF018E32A1C361C6E764AF59E80123AF7A0FB81761FB00236EAB9055D4DF3DD050DB20
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF78EC7A2B8(intOrPtr* __rax, void* __rcx) {
                                                                                                                                                              				int _t1;
                                                                                                                                                              				intOrPtr _t3;
                                                                                                                                                              				void* _t4;
                                                                                                                                                              				void* _t11;
                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                              
                                                                                                                                                              				if (__rcx == 0) goto 0x8ec7a2f3;
                                                                                                                                                              				_t14 =  *0x8ecad280; // 0x2176c610000, executed
                                                                                                                                                              				_t1 = HeapFree(_t11, ??); // executed
                                                                                                                                                              				if (_t1 != 0) goto 0x8ec7a2ee;
                                                                                                                                                              				_t3 = E00007FF77FF78EC75D34(GetLastError(), __rax, _t14, __rcx);
                                                                                                                                                              				_t4 = E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = _t3;
                                                                                                                                                              				return _t4;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • RtlReleasePrivilege.NTDLL(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2CE
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2D8
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastPrivilegeRelease
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1334314998-0
                                                                                                                                                              • Opcode ID: 3e03568b67aaf4224c3ffade366a14ad34e1255bca52690c7e22dee6db176c31
                                                                                                                                                              • Instruction ID: 45c221811c3e8e5213683fef8e46d5d96625a5156fc27d23b1bb57fe2879436a
                                                                                                                                                              • Opcode Fuzzy Hash: 3e03568b67aaf4224c3ffade366a14ad34e1255bca52690c7e22dee6db176c31
                                                                                                                                                              • Instruction Fuzzy Hash: 09E04650E0D20282FB587BF6DD480789251BF88740BE40430CC0D862A2EF3CA885C330
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF78EC765D0() {
                                                                                                                                                              				int _t1;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              
                                                                                                                                                              				_t1 = RemoveDirectoryW(); // executed
                                                                                                                                                              				if (_t1 != 0) goto 0x8ec765f0;
                                                                                                                                                              				E00007FF77FF78EC75D7C(GetLastError(), _t9, _t10);
                                                                                                                                                              				goto 0x8ec765f2;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DirectoryErrorLastRemove
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 377330604-0
                                                                                                                                                              • Opcode ID: e4dd92b3064689af602b4e4e7181ba5192e1339f465707d76e98c325e7120e80
                                                                                                                                                              • Instruction ID: a613151949df7df404eb58b70b63cc4089cf10a946a73aa60fdd09ad94bb3905
                                                                                                                                                              • Opcode Fuzzy Hash: e4dd92b3064689af602b4e4e7181ba5192e1339f465707d76e98c325e7120e80
                                                                                                                                                              • Instruction Fuzzy Hash: CCD0C920E2951381E6A437F99D855B991903F58720FF00630C42A802E0EF3CA0859221
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF78EC77424() {
                                                                                                                                                              				int _t1;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              
                                                                                                                                                              				_t1 = DeleteFileW(); // executed
                                                                                                                                                              				if (_t1 != 0) goto 0x8ec77444;
                                                                                                                                                              				E00007FF77FF78EC75D7C(GetLastError(), _t9, _t10);
                                                                                                                                                              				goto 0x8ec77446;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DeleteErrorFileLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2018770650-0
                                                                                                                                                              • Opcode ID: bd7185f71aa38c52c58037eba970718be9f64da75a9fe0a4fa296b8582ddc786
                                                                                                                                                              • Instruction ID: ce967f8ecb42cd694c74e6ae54f3f08542b6f0d912422aff2701a73f9a2f76de
                                                                                                                                                              • Opcode Fuzzy Hash: bd7185f71aa38c52c58037eba970718be9f64da75a9fe0a4fa296b8582ddc786
                                                                                                                                                              • Instruction Fuzzy Hash: DFD0C910E1950385E65837F99E8517995903F58735FF00630CC2A812E1EF3CA0959522
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide_findclose
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2772937645-0
                                                                                                                                                              • Opcode ID: feb4d2765c29cc406cf1108b7f40156b248ec341c40b61e41463505a466142cc
                                                                                                                                                              • Instruction ID: 7134c51ef9ddd1c8357157656a5600a4eb755f5c9b4d7ddcf20e32b3ab9ed1f0
                                                                                                                                                              • Opcode Fuzzy Hash: feb4d2765c29cc406cf1108b7f40156b248ec341c40b61e41463505a466142cc
                                                                                                                                                              • Instruction Fuzzy Hash: F7718252E18BC581E611DB2CD5052FDA360F7A9B4CFA4E325DB9C125A2EF38E2D9C700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF78EC7B828(signed int __edi, intOrPtr* __rax, long long __rbx, signed char** __rcx, long long __rdi, long long __rsi, void* __r12, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				void* _t55;
                                                                                                                                                              				signed int _t56;
                                                                                                                                                              				signed int _t76;
                                                                                                                                                              				signed int _t77;
                                                                                                                                                              				intOrPtr* _t94;
                                                                                                                                                              				signed char* _t96;
                                                                                                                                                              				void* _t109;
                                                                                                                                                              				signed char** _t117;
                                                                                                                                                              
                                                                                                                                                              				_t98 = __rbx;
                                                                                                                                                              				_t94 = __rax;
                                                                                                                                                              				_t76 = __edi;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_a24 = __rdi;
                                                                                                                                                              				_t117 = __rcx;
                                                                                                                                                              				if (__rcx != 0) goto 0x8ec7b85a;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec7b979;
                                                                                                                                                              				if (( *(__rcx + 0x14) >> 0x0000000d & 0x00000001) == 0) goto 0x8ec7b979;
                                                                                                                                                              				if (( *(__rcx + 0x14) >> 0x0000000c & 0x00000001) != 0) goto 0x8ec7b979;
                                                                                                                                                              				if (( *(__rcx + 0x14) >> 0x00000001 & 0x00000001) == 0) goto 0x8ec7b889;
                                                                                                                                                              				asm("lock or dword [ecx+0x14], 0x10");
                                                                                                                                                              				goto 0x8ec7b979;
                                                                                                                                                              				asm("lock or dword [ecx+0x14], 0x1");
                                                                                                                                                              				if (( *(__rcx + 0x14) & 0x000004c0) != 0) goto 0x8ec7b89d; // executed
                                                                                                                                                              				E00007FF77FF78EC82B10( *(__rcx + 0x14) & 0x000004c0, __rax, __rbx, __rcx, _t109); // executed
                                                                                                                                                              				 *((long long*)(__rcx)) =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_t55 = E00007FF77FF78EC79634(__rax, __rcx);
                                                                                                                                                              				r8d =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                              				_t56 = E00007FF77FF78EC7B2C0( *((intOrPtr*)(__rcx + 0x20)), _t55, _t76, _t98,  *((intOrPtr*)(__rcx + 8)),  *((intOrPtr*)(__rcx + 8)), __r12); // executed
                                                                                                                                                              				_t117[2] = _t56;
                                                                                                                                                              				_t19 = _t94 + 1; // 0x1
                                                                                                                                                              				if (_t19 - 1 <= 0) goto 0x8ec7b967;
                                                                                                                                                              				_t77 = _t76 | 0xffffffff;
                                                                                                                                                              				if ((_t117[2] & 0x00000006) != 0) goto 0x8ec7b932;
                                                                                                                                                              				if (E00007FF77FF78EC79634(_t94, _t117) == _t77) goto 0x8ec7b91d;
                                                                                                                                                              				if (E00007FF77FF78EC79634(_t94, _t117) == 0xfffffffe) goto 0x8ec7b91d;
                                                                                                                                                              				E00007FF77FF78EC79634(_t94, _t117);
                                                                                                                                                              				E00007FF77FF78EC79634(_t94, _t117);
                                                                                                                                                              				goto 0x8ec7b924;
                                                                                                                                                              				if (( *0x7FF78EC9D408 & 0x00000082) != 0x82) goto 0x8ec7b932;
                                                                                                                                                              				asm("lock or dword [esi+0x14], 0x20");
                                                                                                                                                              				if (_t117[4] != 0x200) goto 0x8ec7b956;
                                                                                                                                                              				if ((_t117[2] >> 0x00000006 & 0x00000001) == 0) goto 0x8ec7b956;
                                                                                                                                                              				if ((_t117[2] >> 0x00000008 & 0x00000001) != 0) goto 0x8ec7b956;
                                                                                                                                                              				_t117[4] = 0x1000;
                                                                                                                                                              				_t96 =  *_t117;
                                                                                                                                                              				_t117[2] =  &(_t117[2][_t77]);
                                                                                                                                                              				 *_t117 =  &(_t96[1]);
                                                                                                                                                              				goto 0x8ec7b97c;
                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                              				asm("lock or [esi+0x14], eax");
                                                                                                                                                              				_t117[2] = _t117[2] & 0x00000000;
                                                                                                                                                              				return  *_t96 & 0x000000ff | 0xffffffff;
                                                                                                                                                              			}












                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: a4f00bea79d1eb4c1b6700124423a9acd4f797a9145562bc88c4d22da0ee68a5
                                                                                                                                                              • Instruction ID: 75653d98bd7cae596c2fdb1b0944d38d7894fbb794d4d5c9619856700c75b30d
                                                                                                                                                              • Opcode Fuzzy Hash: a4f00bea79d1eb4c1b6700124423a9acd4f797a9145562bc88c4d22da0ee68a5
                                                                                                                                                              • Instruction Fuzzy Hash: 28419332D1920587EA64AA9DE94027DBBB1FF54B94FA40231D69E877D1CF3CE802C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 52%
                                                                                                                                                              			E00007FF77FF78EC662C0(void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, void* __r8) {
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				void* _t14;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				void* _t31;
                                                                                                                                                              				long long _t33;
                                                                                                                                                              				void* _t35;
                                                                                                                                                              				long long _t52;
                                                                                                                                                              				void* _t57;
                                                                                                                                                              				long long _t58;
                                                                                                                                                              				void* _t60;
                                                                                                                                                              				void* _t62;
                                                                                                                                                              				void* _t67;
                                                                                                                                                              				void* _t68;
                                                                                                                                                              				void* _t71;
                                                                                                                                                              				void* _t72;
                                                                                                                                                              
                                                                                                                                                              				_t52 = __rdi;
                                                                                                                                                              				_t33 = __rbx;
                                                                                                                                                              				_t31 = __rax;
                                                                                                                                                              				_t67 = __rcx;
                                                                                                                                                              				_t57 = __r8;
                                                                                                                                                              				_t71 = __rdx;
                                                                                                                                                              				r13d = 0; // executed
                                                                                                                                                              				0x8ec73eec(); // executed
                                                                                                                                                              				_t72 = __rax;
                                                                                                                                                              				if (__rax == 0) goto 0x8ec663d3;
                                                                                                                                                              				_t1 = _t68 + 2; // 0x2
                                                                                                                                                              				r8d = _t1;
                                                                                                                                                              				_t12 = E00007FF77FF78EC6EB90(__rax, __rbx, __rcx, __rdi); // executed
                                                                                                                                                              				if (_t12 < 0) goto 0x8ec663d3;
                                                                                                                                                              				 *((long long*)(_t62 + 0x50)) = _t33;
                                                                                                                                                              				E00007FF77FF78EC77DE4(__rax, _t33, _t67, _t52); // executed
                                                                                                                                                              				_t34 = _t31;
                                                                                                                                                              				if (_t31 - __r8 < 0) goto 0x8ec663ce;
                                                                                                                                                              				 *((long long*)(_t62 + 0x58)) = _t58;
                                                                                                                                                              				 *((long long*)(_t62 + 0x60)) = _t52;
                                                                                                                                                              				_t5 = _t34 - 0x2000; // -8192
                                                                                                                                                              				_t60 =  <  ? _t68 : _t5;
                                                                                                                                                              				_t35 = _t31 - _t60;
                                                                                                                                                              				if (_t35 - __r8 < 0) goto 0x8ec663c4;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t14 = E00007FF77FF78EC6EB90(_t31, _t35, _t67, _t52); // executed
                                                                                                                                                              				if (_t14 < 0) goto 0x8ec663c4;
                                                                                                                                                              				E00007FF77FF78EC6E878(_t60, _t35, _t67); // executed
                                                                                                                                                              				_t27 = _t31 - _t35;
                                                                                                                                                              				if (_t27 != 0) goto 0x8ec663c4;
                                                                                                                                                              				if (_t27 == 0) goto 0x8ec663ab;
                                                                                                                                                              				_t6 = _t72 - 1; // -1
                                                                                                                                                              				_t28 = E00007FF77FF78EC6B6B0(0x2000, _t6 + _t35 - _t57 + 1, _t71, _t57);
                                                                                                                                                              				if (_t28 == 0) goto 0x8ec663bd;
                                                                                                                                                              				if (_t28 != 0) goto 0x8ec66390;
                                                                                                                                                              				if (_t60 != 0) goto 0x8ec66330;
                                                                                                                                                              				goto 0x8ec663c4;
                                                                                                                                                              				return E00007FF77FF78EC73ED8(0x2000, _t72, _t71, _t57);
                                                                                                                                                              			}




















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                              • Opcode ID: 188ec1169d3a4325d2099948b0344a3d420aaf128338e40883ecb3dcbb6b4c36
                                                                                                                                                              • Instruction ID: c2ac2c63f04ff8aff98f24426e6f810352edf90e81a65835298cf6457d096c00
                                                                                                                                                              • Opcode Fuzzy Hash: 188ec1169d3a4325d2099948b0344a3d420aaf128338e40883ecb3dcbb6b4c36
                                                                                                                                                              • Instruction Fuzzy Hash: 7721A021F0829246FA10BB92E9043BBE651BF45BC8FE85435EE1E077A6DF7CE445C250
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                              			E00007FF77FF78EC7B2C0(void* __ebx, signed int __ecx, signed int __edi, signed int __rbx, void* __rdx, signed int __rdi, signed int __r12, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                              				signed int _t44;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				void* _t48;
                                                                                                                                                              				signed int* _t53;
                                                                                                                                                              				signed int* _t55;
                                                                                                                                                              				signed int* _t57;
                                                                                                                                                              				signed int* _t66;
                                                                                                                                                              				void* _t69;
                                                                                                                                                              				signed long long _t74;
                                                                                                                                                              				signed long long _t80;
                                                                                                                                                              
                                                                                                                                                              				_t44 = __edi;
                                                                                                                                                              				_t53 = _t66;
                                                                                                                                                              				_t53[4] = __rbx;
                                                                                                                                                              				_t53[6] = __rdi;
                                                                                                                                                              				_t53[8] = __r12;
                                                                                                                                                              				_t53[2] = __ecx;
                                                                                                                                                              				r14d = r8d;
                                                                                                                                                              				if (__edi != 0xfffffffe) goto 0x8ec7b302;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t53);
                                                                                                                                                              				 *_t53 =  *_t53 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t53);
                                                                                                                                                              				 *_t53 = 9;
                                                                                                                                                              				goto 0x8ec7b3bc;
                                                                                                                                                              				if (__ecx < 0) goto 0x8ec7b3a4;
                                                                                                                                                              				_t48 = _t44 -  *0x8ecace50; // 0x40
                                                                                                                                                              				if (_t48 >= 0) goto 0x8ec7b3a4;
                                                                                                                                                              				_t80 = __ecx >> 6;
                                                                                                                                                              				_t74 = __ecx + __ecx * 8;
                                                                                                                                                              				_t55 =  *((intOrPtr*)(0x8ecaca50 + _t80 * 8));
                                                                                                                                                              				if (( *(_t55 + 0x38 + _t74 * 8) & 0x00000001) == 0) goto 0x8ec7b3a4;
                                                                                                                                                              				if (r14d - 0x7fffffff <= 0) goto 0x8ec7b358;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t55);
                                                                                                                                                              				 *_t55 =  *_t55 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t55);
                                                                                                                                                              				 *_t55 = 0x16;
                                                                                                                                                              				goto 0x8ec7b3b7;
                                                                                                                                                              				E00007FF77FF78EC76AD0();
                                                                                                                                                              				_t57 =  *((intOrPtr*)(0x8ecaca50 + _t80 * 8));
                                                                                                                                                              				if (( *(0x8ecaca50 + 0x38 + _t74 * 8) & 0x00000001) != 0) goto 0x8ec7b38a;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t57);
                                                                                                                                                              				 *0x8ecaca50 = 9;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t57);
                                                                                                                                                              				 *0x8ecaca50 =  *0x8ecaca50 & 0x00000000;
                                                                                                                                                              				goto 0x8ec7b399;
                                                                                                                                                              				r8d = r14d;
                                                                                                                                                              				E00007FF77FF78EC7B3DC(__edi, _t45, _t57, 0x8ecaca50, __rdx, _t69); // executed
                                                                                                                                                              				E00007FF77FF78EC76BB8();
                                                                                                                                                              				goto 0x8ec7b3bf;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t57);
                                                                                                                                                              				 *0x8ecaca50 =  *0x8ecaca50 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t57);
                                                                                                                                                              				 *_t57 = 9;
                                                                                                                                                              				return E00007FF77FF78EC7A250() | 0xffffffff;
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: b59e1c72e791777bb94a1bb83b09c738e79e1c4d1884165a8cec492615d4a699
                                                                                                                                                              • Instruction ID: 620b2ce8975b472b8825d2f3840de8ae89722ea7b165380196bbb4bdb7e2bd3f
                                                                                                                                                              • Opcode Fuzzy Hash: b59e1c72e791777bb94a1bb83b09c738e79e1c4d1884165a8cec492615d4a699
                                                                                                                                                              • Instruction Fuzzy Hash: 01311622E1864286F611BB99CD4137DAA52BF94BA5FF10235E91D073D2CF7CA481C731
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00007FF77FF78EC78C5D(void* __ecx, char __edx, intOrPtr* __rax, long long __rbx, long long _a8, char _a16, char _a24, char _a32) {
                                                                                                                                                              				long long _v16;
                                                                                                                                                              				long long _v24;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				long long _v40;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				char _v52;
                                                                                                                                                              				void* _v56;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				intOrPtr* _t50;
                                                                                                                                                              				WCHAR* _t53;
                                                                                                                                                              
                                                                                                                                                              				E00007FF77FF78EC79588();
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				_a24 = r8d;
                                                                                                                                                              				_a16 = __edx;
                                                                                                                                                              				_v40 = 0xfffffffe;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				if (r8d != 0) goto 0x8ec78cd3;
                                                                                                                                                              				GetModuleHandleW(_t53);
                                                                                                                                                              				if (__rax == 0) goto 0x8ec78cd3;
                                                                                                                                                              				if ( *__rax != 0x5a4d) goto 0x8ec78cd3;
                                                                                                                                                              				_t50 =  *((intOrPtr*)(__rax + 0x3c)) + __rax;
                                                                                                                                                              				if ( *_t50 != 0x4550) goto 0x8ec78cd3;
                                                                                                                                                              				if ( *((intOrPtr*)(_t50 + 0x18)) != 0x20b) goto 0x8ec78cd3;
                                                                                                                                                              				if ( *((intOrPtr*)(_t50 + 0x84)) - 0xe <= 0) goto 0x8ec78cd3;
                                                                                                                                                              				if ( *((intOrPtr*)(_t50 + 0xf8)) == 0) goto 0x8ec78cd3;
                                                                                                                                                              				E00007FF77FF78EC78D90(0x20b, __ecx, __rax);
                                                                                                                                                              				_a32 = 0;
                                                                                                                                                              				_v32 =  &_a16;
                                                                                                                                                              				_v24 =  &_a24;
                                                                                                                                                              				_v16 =  &_a32;
                                                                                                                                                              				_v52 = 2;
                                                                                                                                                              				_v48 = 2;
                                                                                                                                                              				_t28 = E00007FF77FF78EC78B60(__rbx,  &_v48,  &_v32,  &_v52); // executed
                                                                                                                                                              				if (_a24 == 0) goto 0x8ec78d21;
                                                                                                                                                              				return _t28;
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3947729631-0
                                                                                                                                                              • Opcode ID: 0bebaf44e8f762645a494b291c5ca6244a17afd98d0e17bd06afa907fe576d93
                                                                                                                                                              • Instruction ID: 8afe7a434fb043a29e9a1243577c8eac9c26eea47c9ca5f39410581d9de11199
                                                                                                                                                              • Opcode Fuzzy Hash: 0bebaf44e8f762645a494b291c5ca6244a17afd98d0e17bd06afa907fe576d93
                                                                                                                                                              • Instruction Fuzzy Hash: C821B032E05B2689EB64AFB9C8412FE77A0FB44718FA44635D71C06AC5EF78D485C7A0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E00007FF77FF78EC752D8(intOrPtr __ebp, long long __rbx, short* __rcx, long long __rdx, long long __rbp, void* __r8, long long __r9, char _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                              				long long _v48;
                                                                                                                                                              				long long _v56;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				intOrPtr _t57;
                                                                                                                                                              				signed long long _t81;
                                                                                                                                                              				intOrPtr _t83;
                                                                                                                                                              				intOrPtr _t86;
                                                                                                                                                              				long long _t89;
                                                                                                                                                              				signed long long _t97;
                                                                                                                                                              				void* _t98;
                                                                                                                                                              				signed long long _t99;
                                                                                                                                                              				short* _t105;
                                                                                                                                                              				long long _t106;
                                                                                                                                                              				void* _t109;
                                                                                                                                                              				signed long long _t111;
                                                                                                                                                              				intOrPtr* _t117;
                                                                                                                                                              				long long _t125;
                                                                                                                                                              
                                                                                                                                                              				r8d = 0x40;
                                                                                                                                                              				goto 0x8ec7520c;
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				_t81 = _t111;
                                                                                                                                                              				 *((long long*)(_t81 + 0x10)) = __rdx;
                                                                                                                                                              				_push(_t98);
                                                                                                                                                              				 *((long long*)(_t81 - 0x28)) = 0xfffffffe;
                                                                                                                                                              				 *((long long*)(_t81 + 0x18)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t81 + 0x20)) = __rbp;
                                                                                                                                                              				_t89 = __r9;
                                                                                                                                                              				_t109 = __r8;
                                                                                                                                                              				_t105 = __rcx;
                                                                                                                                                              				r14d = 0;
                                                                                                                                                              				_t57 = r14d;
                                                                                                                                                              				if (__rcx == 0) goto 0x8ec75327;
                                                                                                                                                              				if (__r8 != 0) goto 0x8ec75323;
                                                                                                                                                              				goto 0x8ec754cd;
                                                                                                                                                              				 *((intOrPtr*)(__rcx)) = r14w;
                                                                                                                                                              				if (__rdx != 0) goto 0x8ec75359;
                                                                                                                                                              				 *((char*)(__r9 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
                                                                                                                                                              				_v48 = __r9;
                                                                                                                                                              				_v56 = _t125;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC7A180(_t81, __r9, __rcx, __rdx, __rcx, __r8, __r8);
                                                                                                                                                              				goto 0x8ec754cd;
                                                                                                                                                              				if ( *((intOrPtr*)(__r9 + 0x28)) != r14b) goto 0x8ec7536c;
                                                                                                                                                              				E00007FF77FF78EC735D0(_t81 | 0xffffffff, __r9, __r9, _t105, _t125);
                                                                                                                                                              				_t83 =  *((intOrPtr*)(__r9 + 0x18));
                                                                                                                                                              				if ( *((intOrPtr*)(_t83 + 0xc)) != 0xfde9) goto 0x8ec7539f;
                                                                                                                                                              				_a8 = _t125;
                                                                                                                                                              				_v56 = __r9;
                                                                                                                                                              				_t97 =  &_a16;
                                                                                                                                                              				E00007FF77FF78EC7F938(_t83, __r9, _t105, _t97, _t109,  &_a8);
                                                                                                                                                              				goto 0x8ec754cd;
                                                                                                                                                              				if (_t105 == 0) goto 0x8ec7547e;
                                                                                                                                                              				if ( *((intOrPtr*)(_t83 + 0x138)) != _t125) goto 0x8ec753d7;
                                                                                                                                                              				if (_t109 == 0) goto 0x8ec753cf;
                                                                                                                                                              				 *_t105 =  *(_t98 + _t97) & 0x000000ff;
                                                                                                                                                              				if ( *(_t98 + _t97) == r14b) goto 0x8ec753cf;
                                                                                                                                                              				_t99 = _t98 + 1;
                                                                                                                                                              				_t106 = _t105 + 2;
                                                                                                                                                              				if (_t99 - _t109 < 0) goto 0x8ec753b6;
                                                                                                                                                              				goto 0x8ec754cd;
                                                                                                                                                              				_v48 = __ebp;
                                                                                                                                                              				_v56 = _t106;
                                                                                                                                                              				r9d = _t57;
                                                                                                                                                              				E00007FF77FF78EC7EC04();
                                                                                                                                                              				if (_t99 != 0) goto 0x8ec754ca;
                                                                                                                                                              				if (GetLastError() == 0x7a) goto 0x8ec75419;
                                                                                                                                                              				 *((char*)(_t89 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t89 + 0x2c)) = 0x2a;
                                                                                                                                                              				 *_t106 = r14w;
                                                                                                                                                              				goto 0x8ec753cf;
                                                                                                                                                              				r9d = __ebp;
                                                                                                                                                              				_t117 = _a16;
                                                                                                                                                              				if (__ebp == 0) goto 0x8ec75452;
                                                                                                                                                              				r9d = r9d - 1;
                                                                                                                                                              				if ( *_t117 == r14b) goto 0x8ec75452;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t89 + 0x18)))) + _t97 * 2)) - r14w >= 0) goto 0x8ec7544a;
                                                                                                                                                              				if ( *((intOrPtr*)(_t117 + 1)) == r14b) goto 0x8ec75408;
                                                                                                                                                              				goto 0x8ec75426;
                                                                                                                                                              				r8d = r8d - r10d;
                                                                                                                                                              				_t86 =  *((intOrPtr*)(_t89 + 0x18));
                                                                                                                                                              				_v48 = __ebp;
                                                                                                                                                              				_v56 = _t106;
                                                                                                                                                              				r9d = r8d;
                                                                                                                                                              				E00007FF77FF78EC7EC04();
                                                                                                                                                              				if (_t86 != 0) goto 0x8ec754cd;
                                                                                                                                                              				goto 0x8ec75408;
                                                                                                                                                              				if ( *((intOrPtr*)(_t86 + 0x138)) != _t125) goto 0x8ec75499;
                                                                                                                                                              				if ( *((intOrPtr*)(_t97 + (_t99 | 0xffffffffffffffff) + 1)) != r14b) goto 0x8ec7548b;
                                                                                                                                                              				goto 0x8ec753cf;
                                                                                                                                                              				_v48 = r14d;
                                                                                                                                                              				_v56 = _t125;
                                                                                                                                                              				r9d = _t57;
                                                                                                                                                              				E00007FF77FF78EC7EC04();
                                                                                                                                                              				if (_t86 != 0) goto 0x8ec754ca;
                                                                                                                                                              				 *((char*)(_t89 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t89 + 0x2c)) = 0x2a;
                                                                                                                                                              				goto 0x8ec753cf;
                                                                                                                                                              				return _t86;
                                                                                                                                                              			}




















                                                                                                                                                              0x7ff78ec7538d
                                                                                                                                                              0x7ff78ec75395
                                                                                                                                                              0x7ff78ec7539a
                                                                                                                                                              0x7ff78ec753a2
                                                                                                                                                              0x7ff78ec753af
                                                                                                                                                              0x7ff78ec753b4
                                                                                                                                                              0x7ff78ec753ba
                                                                                                                                                              0x7ff78ec753c1
                                                                                                                                                              0x7ff78ec753c3
                                                                                                                                                              0x7ff78ec753c6
                                                                                                                                                              0x7ff78ec753cd
                                                                                                                                                              0x7ff78ec753d2
                                                                                                                                                              0x7ff78ec753d7
                                                                                                                                                              0x7ff78ec753db
                                                                                                                                                              0x7ff78ec753e4
                                                                                                                                                              0x7ff78ec753ed
                                                                                                                                                              0x7ff78ec753f7
                                                                                                                                                              0x7ff78ec75406
                                                                                                                                                              0x7ff78ec75408
                                                                                                                                                              0x7ff78ec7540c
                                                                                                                                                              0x7ff78ec75413
                                                                                                                                                              0x7ff78ec75417
                                                                                                                                                              0x7ff78ec75419
                                                                                                                                                              0x7ff78ec75421
                                                                                                                                                              0x7ff78ec75426
                                                                                                                                                              0x7ff78ec75428
                                                                                                                                                              0x7ff78ec7542e
                                                                                                                                                              0x7ff78ec75440
                                                                                                                                                              0x7ff78ec75448
                                                                                                                                                              0x7ff78ec75450
                                                                                                                                                              0x7ff78ec75452
                                                                                                                                                              0x7ff78ec75455
                                                                                                                                                              0x7ff78ec75459
                                                                                                                                                              0x7ff78ec7545d
                                                                                                                                                              0x7ff78ec75462
                                                                                                                                                              0x7ff78ec75470
                                                                                                                                                              0x7ff78ec7547a
                                                                                                                                                              0x7ff78ec7547c
                                                                                                                                                              0x7ff78ec75489
                                                                                                                                                              0x7ff78ec75492
                                                                                                                                                              0x7ff78ec75494
                                                                                                                                                              0x7ff78ec75499
                                                                                                                                                              0x7ff78ec7549e
                                                                                                                                                              0x7ff78ec754a3
                                                                                                                                                              0x7ff78ec754ae
                                                                                                                                                              0x7ff78ec754b8
                                                                                                                                                              0x7ff78ec754ba
                                                                                                                                                              0x7ff78ec754be
                                                                                                                                                              0x7ff78ec754c5
                                                                                                                                                              0x7ff78ec754df

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: e90f8ce5764a470f7ee9635705d620940d88810dc673939d3ef575fbcdedae18
                                                                                                                                                              • Instruction ID: 264bffaa3ac7070ae6641fcf4b4b2d150190ebb5a694112a2902172745d23fd3
                                                                                                                                                              • Opcode Fuzzy Hash: e90f8ce5764a470f7ee9635705d620940d88810dc673939d3ef575fbcdedae18
                                                                                                                                                              • Instruction Fuzzy Hash: 37115E62E1C64181EA60BFD9DC0027DE6A4BF8AB80FE44431EA8C57A86DF3DD840C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC856FC(intOrPtr* __rax, long long __rbx, long long _a8, intOrPtr _a40) {
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				if (_a40 != 0) goto 0x8ec85731;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				return 0x16;
                                                                                                                                                              			}




                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: c650bf575fa2f7bb189ae025094c64fb66ae43678ec3bfe28347eb49f4fdf436
                                                                                                                                                              • Instruction ID: 52bde30d70b15e3aaf8a8616ff7535cb95629c8af18bd3c11a9ad7ca5761bf98
                                                                                                                                                              • Opcode Fuzzy Hash: c650bf575fa2f7bb189ae025094c64fb66ae43678ec3bfe28347eb49f4fdf436
                                                                                                                                                              • Instruction Fuzzy Hash: FC21A432E28A4187D761AF58D540379B7A0FB84B94FB48234EA9D476D9DF7DD400CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC6E898(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, long long __r14, void* _a8, void* _a16, void* _a24, void* _a32, intOrPtr _a40) {
                                                                                                                                                              				intOrPtr* _t19;
                                                                                                                                                              				intOrPtr* _t31;
                                                                                                                                                              
                                                                                                                                                              				_t19 = _t31;
                                                                                                                                                              				 *((long long*)(_t19 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t19 + 0x10)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t19 + 0x18)) = __rdi;
                                                                                                                                                              				 *((long long*)(_t19 + 0x20)) = __r14;
                                                                                                                                                              				if (__r8 == 0) goto 0x8ec6e8f1;
                                                                                                                                                              				if (__r9 == 0) goto 0x8ec6e8f1;
                                                                                                                                                              				if (_a40 != 0) goto 0x8ec6e90e;
                                                                                                                                                              				if (__rdx == 0xffffffff) goto 0x8ec6e8e1;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				E00007FF77FF78EC75E08(_t19);
                                                                                                                                                              				 *_t19 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				return 0;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 7ebeecbcdb1d8057a2822b1a152219fbc768fe8e98c4c3a3d681a8446870843b
                                                                                                                                                              • Instruction ID: 040c8e4d0df4753fb26f9fa9a43831ad62c9745a7c6e4fb38730d4f9508f2a96
                                                                                                                                                              • Opcode Fuzzy Hash: 7ebeecbcdb1d8057a2822b1a152219fbc768fe8e98c4c3a3d681a8446870843b
                                                                                                                                                              • Instruction Fuzzy Hash: B101A121E0875145EA04BFDAD90006AE691BF99FE0FA88636EE5C17BE6DF3CE501C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                              			E00007FF77FF78EC7625C(void* __eax, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t17;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				void* _t23;
                                                                                                                                                              				intOrPtr* _t26;
                                                                                                                                                              				long long _t27;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t38;
                                                                                                                                                              				void* _t42;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              
                                                                                                                                                              				_t27 = __rbx;
                                                                                                                                                              				_t26 = __rax;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t36 = __rdx;
                                                                                                                                                              				_t18 =  *0x8ecac9d0 - _t27; // 0x0
                                                                                                                                                              				_t34 = __rcx;
                                                                                                                                                              				if (_t18 != 0) goto 0x8ec7628a;
                                                                                                                                                              				_t19 =  *0x8ecac9d8 - _t27; // 0x2176c638aa0
                                                                                                                                                              				if (_t19 != 0) goto 0x8ec7628a;
                                                                                                                                                              				goto 0x8ec762e0;
                                                                                                                                                              				if (__rcx != 0) goto 0x8ec762a1;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec76285;
                                                                                                                                                              				_t9 = E00007FF77FF78EC762F0(__rbx, __rcx, __rdx, __rcx, __rdx, _t42, _t43);
                                                                                                                                                              				if (_t26 == 0) goto 0x8ec762d4;
                                                                                                                                                              				0x8ec80664(); // executed
                                                                                                                                                              				if (_t9 != 0) goto 0x8ec762d4;
                                                                                                                                                              				_t23 =  *0x8ecac9d0 - _t27; // 0x0
                                                                                                                                                              				if (_t23 == 0) goto 0x8ec762d7;
                                                                                                                                                              				if (E00007FF77FF78EC76444(_t17, _t27, _t34, _t36, _t34, _t36, _t38) != 0) goto 0x8ec762d7;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t26, _t34);
                                                                                                                                                              				return 0xffffffff;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: a7c351470d4ea0eca9c17b03632287dd5109028738290b81677b6573d5c06ba4
                                                                                                                                                              • Instruction ID: eff100eb7ddd7484a8162af50c6df19a680ad8d7de92a2277a16b02c44548549
                                                                                                                                                              • Opcode Fuzzy Hash: a7c351470d4ea0eca9c17b03632287dd5109028738290b81677b6573d5c06ba4
                                                                                                                                                              • Instruction Fuzzy Hash: 4B015720E0D65241FBE0BBEAED021799290BF457A4FF446B5EA2C526C6DF3CA441C221
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF78EC7E248(void* __eax, signed int __rcx, signed int __rdx) {
                                                                                                                                                              				intOrPtr* _t22;
                                                                                                                                                              				signed int _t29;
                                                                                                                                                              
                                                                                                                                                              				_t29 = __rdx;
                                                                                                                                                              				if (__rcx == 0) goto 0x8ec7e267;
                                                                                                                                                              				_t1 = _t29 - 0x20; // -32
                                                                                                                                                              				_t22 = _t1;
                                                                                                                                                              				if (_t22 - __rdx < 0) goto 0x8ec7e2aa;
                                                                                                                                                              				_t25 =  ==  ? _t22 : __rcx * __rdx;
                                                                                                                                                              				goto 0x8ec7e28e;
                                                                                                                                                              				if (E00007FF77FF78EC78F9C() == 0) goto 0x8ec7e2aa;
                                                                                                                                                              				if (E00007FF77FF78EC82A40(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x8ec7e2aa;
                                                                                                                                                              				RtlAllocateHeap(??, ??, ??); // executed
                                                                                                                                                              				if (_t22 == 0) goto 0x8ec7e279;
                                                                                                                                                              				goto 0x8ec7e2b7;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t22);
                                                                                                                                                              				 *_t22 = 0xc;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF78EC7AD46,?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA), ref: 00007FF78EC7E29D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: 0e1c66f5bdb0b3596c655908444cb66e6adca1508c0fe937eac4c5b3f6554faa
                                                                                                                                                              • Instruction ID: 331983316b894fa05db3ed7cb37fe83408365d3a053a841291b64b2db23f7411
                                                                                                                                                              • Opcode Fuzzy Hash: 0e1c66f5bdb0b3596c655908444cb66e6adca1508c0fe937eac4c5b3f6554faa
                                                                                                                                                              • Instruction Fuzzy Hash: D9F01452F0921249FE987AEAD9552B593817F89B80FE84538CD0E86292EF3CE480C230
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF78EC7CFA0(intOrPtr* __rax, void* __rcx) {
                                                                                                                                                              
                                                                                                                                                              				if (__rcx - 0xffffffe0 > 0) goto 0x8ec7cfeb;
                                                                                                                                                              				_t16 =  ==  ? __rax : __rcx;
                                                                                                                                                              				goto 0x8ec7cfd2;
                                                                                                                                                              				if (E00007FF77FF78EC78F9C() == 0) goto 0x8ec7cfeb;
                                                                                                                                                              				if (E00007FF77FF78EC82A40(__rax,  ==  ? __rax : __rcx) == 0) goto 0x8ec7cfeb;
                                                                                                                                                              				RtlAllocateHeap(??, ??, ??); // executed
                                                                                                                                                              				if (__rax == 0) goto 0x8ec7cfbd;
                                                                                                                                                              				goto 0x8ec7cff8;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0xc;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF78EC77378,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FF78EC7CFDE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: 421352df23b8ccfc7cd24c307d24daf565dba5e50752b2c898e853f67429b997
                                                                                                                                                              • Instruction ID: d16db2e65b7b34e5dd18c51ba3450631079a0956ea18ace560a707a11713b333
                                                                                                                                                              • Opcode Fuzzy Hash: 421352df23b8ccfc7cd24c307d24daf565dba5e50752b2c898e853f67429b997
                                                                                                                                                              • Instruction Fuzzy Hash: ADF0F861E0920355FA687AEADD41BB992847F887A0FE80730DD2E862C1DF3CE491C634
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                              			E00007FF77FF78EC740D0() {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t6;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				intOrPtr* _t11;
                                                                                                                                                              				long long _t12;
                                                                                                                                                              				void* _t14;
                                                                                                                                                              				signed long long _t15;
                                                                                                                                                              				signed long long _t19;
                                                                                                                                                              				void* _t20;
                                                                                                                                                              				void* _t21;
                                                                                                                                                              				void* _t22;
                                                                                                                                                              
                                                                                                                                                              				E00007FF77FF78EC75B4C(_t12, _t14, _t20, _t21, _t22);
                                                                                                                                                              				E00007FF77FF78EC7E864(_t12, _t20);
                                                                                                                                                              				_t15 =  *0x8ecac778; // 0x0
                                                                                                                                                              				E00007FF77FF78EC7A6F8(_t10,  *((intOrPtr*)(_t12 + _t15)));
                                                                                                                                                              				_t11 =  *0x8ecac778; // 0x0
                                                                                                                                                              				DeleteCriticalSection(??);
                                                                                                                                                              				if (_t12 + 8 != 0x18) goto 0x8ec740e2;
                                                                                                                                                              				_t19 =  *0x8ecac778; // 0x0, executed
                                                                                                                                                              				_t6 = E00007FF77FF78EC7A2B8(_t11, _t19); // executed
                                                                                                                                                              				 *0x8ecac778 =  *0x8ecac778 & 0x00000000;
                                                                                                                                                              				return _t6;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalDeleteSection
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 166494926-0
                                                                                                                                                              • Opcode ID: e1c96a70a2839e20f2cb8991fe92810636a4fafd16601bc20944a39d4b22cc6b
                                                                                                                                                              • Instruction ID: 5fcad2df1ab3554b0dfa19256f0a3da3c1c7b87a5f173305d972dcba0b7c42d0
                                                                                                                                                              • Opcode Fuzzy Hash: e1c96a70a2839e20f2cb8991fe92810636a4fafd16601bc20944a39d4b22cc6b
                                                                                                                                                              • Instruction Fuzzy Hash: AEF039A5E0890685FB00BBFADC817789390FF89B45FE00536C91E92262CF3CE4A0C231
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E00007FF77FF78EC76598(void* __ecx, intOrPtr* __rax, void* __rcx, void* __rdx) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t3;
                                                                                                                                                              				void* _t13;
                                                                                                                                                              
                                                                                                                                                              				if (__rdx != 0) goto 0x8ec765b8;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec765c8; // executed
                                                                                                                                                              				_t3 = E00007FF77FF78EC7621C(_t13, __rcx, __rdx); // executed
                                                                                                                                                              				if (_t3 == 0) goto 0x8ec765c8;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				return  *__rax;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 0deb42d2f979eab4873e50de96c4b6618150dbdae13e8f2939796a1b0d3d173e
                                                                                                                                                              • Instruction ID: 5b84114d46adb1ea70c303b0f26dae448ba4786cd5980e214313b2b5c219a0c0
                                                                                                                                                              • Opcode Fuzzy Hash: 0deb42d2f979eab4873e50de96c4b6618150dbdae13e8f2939796a1b0d3d173e
                                                                                                                                                              • Instruction Fuzzy Hash: DBE0ECB1E2C60786F7943AECCD821B89550BF99380FF05035D91C06287DF3D6848E631
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DirectoryErrorLastRemove
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 377330604-0
                                                                                                                                                              • Opcode ID: eaa162c17eb9bd289cc5b0245b0775d52439cfd2c88a51040736a1bcb85d58ce
                                                                                                                                                              • Instruction ID: e6ab88bc650476b7cb45235f7423b5a85935d9172c853d4083e7166c438ff2c1
                                                                                                                                                              • Opcode Fuzzy Hash: eaa162c17eb9bd289cc5b0245b0775d52439cfd2c88a51040736a1bcb85d58ce
                                                                                                                                                              • Instruction Fuzzy Hash: 3A419516D1C68581E651AB64D5022BDA360FBA5748FA0A336DF9E121A7EF38E6C8C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FF77FF78EC64710(long long __rax, void* __rcx) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t6;
                                                                                                                                                              				long long _t11;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				void* _t22;
                                                                                                                                                              				void* _t23;
                                                                                                                                                              
                                                                                                                                                              				_t11 = __rax;
                                                                                                                                                              				_t12 = __rcx;
                                                                                                                                                              				E00007FF77FF78EC66270(__rax, __rcx, __rcx + 0x10);
                                                                                                                                                              				 *((long long*)(_t12 + 0x4048)) = _t11;
                                                                                                                                                              				_t6 = E00007FF77FF78EC66270(_t11, _t12, _t12 + 0x1010);
                                                                                                                                                              				 *((long long*)(_t12 + 0x4050)) = _t11;
                                                                                                                                                              				if ( *((intOrPtr*)(_t12 + 0x4048)) == 0) goto 0x8ec6475a;
                                                                                                                                                              				if (_t11 == 0) goto 0x8ec6475a;
                                                                                                                                                              				goto 0x8ec65090;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t6, _t11, "LOADER: Failed to load tcl/tk libraries\n", _t11, _t22, _t23);
                                                                                                                                                              				return 0xffffffff;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                                              • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                              • API String ID: 2238633743-1453502826
                                                                                                                                                              • Opcode ID: 981787bd2c62c6071da115d1111ff149fd0a13d4906ba2427ae116529c5332c6
                                                                                                                                                              • Instruction ID: f929e91842bc1ee89ba81835d57226143d70d80135a2e38d87825ba6f7948a64
                                                                                                                                                              • Opcode Fuzzy Hash: 981787bd2c62c6071da115d1111ff149fd0a13d4906ba2427ae116529c5332c6
                                                                                                                                                              • Instruction Fuzzy Hash: AFE1D3A0E0DB13A0EE58EB85F950679A3A1BF05781FF46939C81E06364EF7CE548D321
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF78EC831CC(void* __edx, void* __rbx, unsigned int __rcx, void* __rdi, void* __rsi, long long __r9, signed int __r10, void* __r12, void* __r14, void* __r15) {
                                                                                                                                                              				signed long long _t32;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              				signed long long _t47;
                                                                                                                                                              				long long _t54;
                                                                                                                                                              
                                                                                                                                                              				_t43 = __rdi;
                                                                                                                                                              				_t45 = _t46 - 0x6e0;
                                                                                                                                                              				_t47 = _t46 - 0x7e0;
                                                                                                                                                              				_t32 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				 *(_t45 + 0x6d0) = _t32 ^ _t47;
                                                                                                                                                              				_t54 =  *((intOrPtr*)(_t45 + 0x740));
                                                                                                                                                              				 *(_t47 + 0x30) = __rcx;
                                                                                                                                                              				 *((long long*)(_t47 + 0x78)) = _t54;
                                                                                                                                                              				 *((long long*)(_t45 - 0x78)) = __r9;
                                                                                                                                                              				 *((intOrPtr*)(_t47 + 0x74)) = r8d;
                                                                                                                                                              				E00007FF77FF78EC87120(_t47 + 0x60);
                                                                                                                                                              				r15d = 1;
                                                                                                                                                              				if (( *(_t47 + 0x60) & 0x0000001f) != 0x1f) goto 0x8ec83238;
                                                                                                                                                              				 *((char*)(_t47 + 0x68)) = 0;
                                                                                                                                                              				goto 0x8ec83247;
                                                                                                                                                              				E00007FF77FF78EC8718C(( *(_t47 + 0x60) & 0x0000001f) - 0x1f, _t47 + 0x60);
                                                                                                                                                              				 *((intOrPtr*)(_t47 + 0x68)) = r15b;
                                                                                                                                                              				 *((long long*)(__r9 + 8)) = _t54;
                                                                                                                                                              				_t15 = _t43 + 0xd; // 0x2d
                                                                                                                                                              				_t22 =  <  ? _t15 : 0x20;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *((intOrPtr*)(__r9)) =  <  ? _t15 : 0x20;
                                                                                                                                                              				E00007FF77FF78EC870BC(0, _t32 ^ _t47, _t47 + 0x70);
                                                                                                                                                              				r10d = 0x7ff;
                                                                                                                                                              				if (( *(_t47 + 0x30) >> 0x00000034 & __r10) != 0) goto 0x8ec832b2;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                              • API String ID: 808467561-2761157908
                                                                                                                                                              • Opcode ID: 42b717f0d44ccf592da154f50b842089685f8764c1b93b53b78347bbf76736df
                                                                                                                                                              • Instruction ID: 29a81ccfd49abbf20829812d23c0d49266253a3ffcec32d91e69458cb7b22ac6
                                                                                                                                                              • Opcode Fuzzy Hash: 42b717f0d44ccf592da154f50b842089685f8764c1b93b53b78347bbf76736df
                                                                                                                                                              • Instruction Fuzzy Hash: 1FB2E972E182A28BE7659FA8D6407FDB7A1FB58344FA06135DA0957B84DF3CE900CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 25%
                                                                                                                                                              			E00007FF77FF78EC665D0(void* __ecx, void* __rax, void* __r8, long long _a24, intOrPtr _a32, long long _a40, long long _a48, char _a56, signed int _a8248) {
                                                                                                                                                              				long _t15;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				signed long long _t32;
                                                                                                                                                              				long long _t37;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              				void* _t51;
                                                                                                                                                              				void* _t52;
                                                                                                                                                              				void* _t53;
                                                                                                                                                              
                                                                                                                                                              				E00007FF77FF78EC6A070(0x2050, __rax, _t52, _t53);
                                                                                                                                                              				_t47 = _t46 - __rax;
                                                                                                                                                              				_t32 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_a8248 = _t32 ^ _t46 - __rax;
                                                                                                                                                              				if (__ecx != 0) goto 0x8ec665fd;
                                                                                                                                                              				_t15 = GetLastError();
                                                                                                                                                              				_a40 = _t37;
                                                                                                                                                              				r9d = 0x400;
                                                                                                                                                              				_a32 = 0x1000;
                                                                                                                                                              				r8d = _t15;
                                                                                                                                                              				_a24 =  &_a56;
                                                                                                                                                              				if (FormatMessageW(??, ??, ??, ??, ??, ??, ??) != 0) goto 0x8ec6664c;
                                                                                                                                                              				E00007FF77FF78EC61CB0("FormatMessageW", "No error messages generated.\n", __r8, _t51);
                                                                                                                                                              				goto 0x8ec666a5;
                                                                                                                                                              				_a48 = _t37;
                                                                                                                                                              				_a40 = _t37;
                                                                                                                                                              				r9d = 0xffffffff;
                                                                                                                                                              				_a32 = 0x1000;
                                                                                                                                                              				_a24 = 0x8ecaaff0;
                                                                                                                                                              				if (WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??) != 0) goto 0x8ec666a2;
                                                                                                                                                              				_t19 = E00007FF77FF78EC61CB0("WideCharToMultiByte", "Failed to encode wchar_t as UTF-8.\n",  &_a56, _t51);
                                                                                                                                                              				goto 0x8ec666a5;
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t19, 0xfde9, _a8248 ^ _t47);
                                                                                                                                                              			}












                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(WideCharToMultiByte,00007FF78EC61CE4,?,?,00000000,00007FF78EC66864), ref: 00007FF78EC665F7
                                                                                                                                                              • FormatMessageW.KERNEL32 ref: 00007FF78EC66626
                                                                                                                                                              • WideCharToMultiByte.KERNEL32 ref: 00007FF78EC6667C
                                                                                                                                                                • Part of subcall function 00007FF78EC61CB0: GetLastError.KERNEL32(?,?,00000000,00007FF78EC66864,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC61CD7
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                              • API String ID: 2383786077-2573406579
                                                                                                                                                              • Opcode ID: 620d5d36900d1fa5d35eb7c9ac16ae22a16bc84afd8ff29625592f9522aca46c
                                                                                                                                                              • Instruction ID: 2671336339aab51cf1cdf885b0658beb1fc96e3b785e78fc0b15723f0380dd3f
                                                                                                                                                              • Opcode Fuzzy Hash: 620d5d36900d1fa5d35eb7c9ac16ae22a16bc84afd8ff29625592f9522aca46c
                                                                                                                                                              • Instruction Fuzzy Hash: F1219271E0CA4291FB60BF95F95077AA261FF88384FE44139D55E826A4EF3CD145C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                              • Opcode ID: e8cdbb987c13ff60472e0623c9c4020c60fb11b603f6bd6efae15d4dc6113c05
                                                                                                                                                              • Instruction ID: bfce6bb503155b6e320e9ed0674cbfa9385085883fbb6814a24f70b90606b3d4
                                                                                                                                                              • Opcode Fuzzy Hash: e8cdbb987c13ff60472e0623c9c4020c60fb11b603f6bd6efae15d4dc6113c05
                                                                                                                                                              • Instruction Fuzzy Hash: 7B314372A09B8185EB609FA0E8407EEB365FB84744F94443ADA4D47B95DF3CD548C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E00007FF77FF78EC79F80(void* __ecx, intOrPtr __edx, long long __rbx, long long __rsi) {
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				int _t38;
                                                                                                                                                              				signed long long _t60;
                                                                                                                                                              				long long _t63;
                                                                                                                                                              				_Unknown_base(*)()* _t82;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              				void* _t87;
                                                                                                                                                              				void* _t89;
                                                                                                                                                              				signed long long _t90;
                                                                                                                                                              				struct _EXCEPTION_POINTERS* _t95;
                                                                                                                                                              
                                                                                                                                                              				 *((long long*)(_t89 + 0x10)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t89 + 0x18)) = __rsi;
                                                                                                                                                              				_t87 = _t89 - 0x4f0;
                                                                                                                                                              				_t90 = _t89 - 0x5f0;
                                                                                                                                                              				_t60 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				 *(_t87 + 0x4e0) = _t60 ^ _t90;
                                                                                                                                                              				if (__ecx == 0xffffffff) goto 0x8ec79fbf;
                                                                                                                                                              				E00007FF77FF78EC6A954(_t36);
                                                                                                                                                              				r8d = 0x98;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				r8d = 0x4d0;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				 *((long long*)(_t90 + 0x48)) = _t90 + 0x70;
                                                                                                                                                              				_t63 = _t87 + 0x10;
                                                                                                                                                              				 *((long long*)(_t90 + 0x50)) = _t63;
                                                                                                                                                              				__imp__RtlCaptureContext();
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				__imp__RtlLookupFunctionEntry();
                                                                                                                                                              				if (_t63 == 0) goto 0x8ec7a052;
                                                                                                                                                              				 *(_t90 + 0x38) =  *(_t90 + 0x38) & 0x00000000;
                                                                                                                                                              				 *((long long*)(_t90 + 0x30)) = _t90 + 0x58;
                                                                                                                                                              				 *((long long*)(_t90 + 0x28)) = _t90 + 0x60;
                                                                                                                                                              				 *((long long*)(_t90 + 0x20)) = _t87 + 0x10;
                                                                                                                                                              				__imp__RtlVirtualUnwind();
                                                                                                                                                              				 *((long long*)(_t87 + 0x108)) =  *((intOrPtr*)(_t87 + 0x508));
                                                                                                                                                              				 *((intOrPtr*)(_t90 + 0x70)) = __edx;
                                                                                                                                                              				 *((long long*)(_t87 + 0xa8)) = _t87 + 0x510;
                                                                                                                                                              				 *((long long*)(_t87 - 0x80)) =  *((intOrPtr*)(_t87 + 0x508));
                                                                                                                                                              				 *((intOrPtr*)(_t90 + 0x74)) = r8d;
                                                                                                                                                              				_t38 = IsDebuggerPresent();
                                                                                                                                                              				SetUnhandledExceptionFilter(_t82, _t86);
                                                                                                                                                              				if (UnhandledExceptionFilter(_t95) != 0) goto 0x8ec7a0b4;
                                                                                                                                                              				if (_t38 != 0) goto 0x8ec7a0b4;
                                                                                                                                                              				if (__ecx == 0xffffffff) goto 0x8ec7a0b4;
                                                                                                                                                              				return E00007FF77FF78EC6A040(E00007FF77FF78EC6A954(_t40), __ecx,  *(_t87 + 0x4e0) ^ _t90);
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                              • Opcode ID: 38c404c70a445b1321690087ba332b2ca65edbc79732dc857bff3aa9857afa8a
                                                                                                                                                              • Instruction ID: d8323b4263796dc5ea02b750ed79c345528e5e2c2e36c7c5ba456bbb23c1d0ff
                                                                                                                                                              • Opcode Fuzzy Hash: 38c404c70a445b1321690087ba332b2ca65edbc79732dc857bff3aa9857afa8a
                                                                                                                                                              • Instruction Fuzzy Hash: 7B317232A18F8186DB60DF65E8402AEB3A4FB88754FA00535EE9D43BA5DF3CD555CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00007FF77FF78EC80D64(void* __ecx, long long __rbx, intOrPtr* __rcx, void** __rdx) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				void* __r15;
                                                                                                                                                              				signed int _t70;
                                                                                                                                                              				void* _t77;
                                                                                                                                                              				signed int _t96;
                                                                                                                                                              				void* _t109;
                                                                                                                                                              				void* _t113;
                                                                                                                                                              				signed long long _t140;
                                                                                                                                                              				signed long long _t141;
                                                                                                                                                              				intOrPtr _t142;
                                                                                                                                                              				signed short* _t143;
                                                                                                                                                              				intOrPtr* _t145;
                                                                                                                                                              				void* _t146;
                                                                                                                                                              				intOrPtr* _t154;
                                                                                                                                                              				intOrPtr* _t156;
                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                              				long long _t160;
                                                                                                                                                              				intOrPtr* _t161;
                                                                                                                                                              				signed short* _t167;
                                                                                                                                                              				signed short* _t168;
                                                                                                                                                              				signed long long _t180;
                                                                                                                                                              				signed long long _t182;
                                                                                                                                                              				long long _t186;
                                                                                                                                                              				signed long long _t202;
                                                                                                                                                              				void* _t207;
                                                                                                                                                              				intOrPtr* _t211;
                                                                                                                                                              				intOrPtr* _t212;
                                                                                                                                                              				void* _t214;
                                                                                                                                                              				intOrPtr _t220;
                                                                                                                                                              				void* _t222;
                                                                                                                                                              				void* _t223;
                                                                                                                                                              				void* _t225;
                                                                                                                                                              				signed long long _t226;
                                                                                                                                                              				void* _t228;
                                                                                                                                                              				void* _t239;
                                                                                                                                                              				signed long long _t240;
                                                                                                                                                              				long long _t241;
                                                                                                                                                              				void* _t244;
                                                                                                                                                              				union _FINDEX_INFO_LEVELS _t249;
                                                                                                                                                              				signed short* _t250;
                                                                                                                                                              				signed long long _t254;
                                                                                                                                                              				intOrPtr* _t255;
                                                                                                                                                              				WCHAR* _t258;
                                                                                                                                                              				signed long long _t260;
                                                                                                                                                              
                                                                                                                                                              				 *((long long*)(_t225 + 0x18)) = __rbx;
                                                                                                                                                              				_t223 = _t225 - 0x1c0;
                                                                                                                                                              				_t226 = _t225 - 0x2c0;
                                                                                                                                                              				_t140 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t141 = _t140 ^ _t226;
                                                                                                                                                              				 *(_t223 + 0x1b8) = _t141;
                                                                                                                                                              				r12d = 0;
                                                                                                                                                              				 *((long long*)(_t226 + 0x50)) = __rdx;
                                                                                                                                                              				if (__rdx != 0) goto 0x8ec80dbc;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t141);
                                                                                                                                                              				_t5 = _t239 + 0x16; // 0x16
                                                                                                                                                              				 *_t141 = _t5;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec81114;
                                                                                                                                                              				asm("xorps xmm0, xmm0");
                                                                                                                                                              				 *__rdx = _t239;
                                                                                                                                                              				_t142 =  *((intOrPtr*)(__rcx));
                                                                                                                                                              				asm("movdqu [esp+0x30], xmm0");
                                                                                                                                                              				 *(_t226 + 0x40) = _t239;
                                                                                                                                                              				if (_t142 == 0) goto 0x8ec80fec;
                                                                                                                                                              				 *((intOrPtr*)(_t223 + 0x1b0)) = 0x3f002a;
                                                                                                                                                              				 *((intOrPtr*)(_t223 + 0x1b4)) = r12w;
                                                                                                                                                              				E00007FF77FF78EC7EA20(_t142, _t223 + 0x1b0);
                                                                                                                                                              				_t250 =  *((intOrPtr*)(__rcx));
                                                                                                                                                              				if (_t142 != 0) goto 0x8ec80e44;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t167 = _t250;
                                                                                                                                                              				if (E00007FF77FF78EC81154(0x801, _t167, _t223 + 0x1b0,  *((intOrPtr*)(_t226 + 0x38)), _t228, _t226 + 0x30) != 0) goto 0x8ec80f95;
                                                                                                                                                              				goto 0x8ec80f89;
                                                                                                                                                              				if (_t142 == _t250) goto 0x8ec80e68;
                                                                                                                                                              				_t109 = ( *_t167 & 0x0000ffff) - 0x2f - 0x2d;
                                                                                                                                                              				if (_t109 > 0) goto 0x8ec80e5f;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t109 < 0) goto 0x8ec80e68;
                                                                                                                                                              				_t168 = _t167 - 2;
                                                                                                                                                              				if (_t168 != _t250) goto 0x8ec80e49;
                                                                                                                                                              				_t96 =  *_t168 & 0x0000ffff;
                                                                                                                                                              				if (_t96 != 0x3a) goto 0x8ec80e7a;
                                                                                                                                                              				_t143 =  &(_t250[1]);
                                                                                                                                                              				if (_t168 != _t143) goto 0x8ec80ec9;
                                                                                                                                                              				_t113 = _t96 - 0x2f - 0x2d;
                                                                                                                                                              				if (_t113 > 0) goto 0x8ec80e8f;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t113 < 0) goto 0x8ec80e92;
                                                                                                                                                              				 *((intOrPtr*)(_t226 + 0x28)) = r12d;
                                                                                                                                                              				 *(_t226 + 0x20) = _t239;
                                                                                                                                                              				asm("dec ebp");
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				FindFirstFileExW(_t258, _t249, _t244);
                                                                                                                                                              				if (_t143 != 0xffffffff) goto 0x8ec80ef5;
                                                                                                                                                              				if (E00007FF77FF78EC81154(_t143, _t250, _t239,  *((intOrPtr*)(_t226 + 0x38)), _t239, _t226 + 0x30) != 0) goto 0x8ec80fc4;
                                                                                                                                                              				goto 0x8ec80f89;
                                                                                                                                                              				_t240 =  *((intOrPtr*)(_t226 + 0x38)) -  *((intOrPtr*)(_t226 + 0x30)) >> 3;
                                                                                                                                                              				if ( *((short*)(_t223 - 0x74)) != 0x2e) goto 0x8ec80f1d;
                                                                                                                                                              				_t70 =  *(_t223 - 0x72) & 0x0000ffff;
                                                                                                                                                              				if (_t70 == 0) goto 0x8ec80f3b;
                                                                                                                                                              				if (_t70 != 0x2e) goto 0x8ec80f1d;
                                                                                                                                                              				if ( *((intOrPtr*)(_t223 - 0x70)) == 0) goto 0x8ec80f3b;
                                                                                                                                                              				if (E00007FF77FF78EC81154(_t143, _t223 - 0x74, _t250,  *((intOrPtr*)(_t226 + 0x38)) -  *((intOrPtr*)(_t226 + 0x30)) >> 3, _t244 & (_t168 - _t250 >> 0x00000001) + 0x00000001, _t226 + 0x30) != 0) goto 0x8ec80fbb;
                                                                                                                                                              				if (FindNextFileW(_t239) != 0) goto 0x8ec80f01;
                                                                                                                                                              				_t220 =  *((intOrPtr*)(_t226 + 0x38));
                                                                                                                                                              				_t211 =  *((intOrPtr*)(_t226 + 0x30));
                                                                                                                                                              				if (_t240 == _t220 - _t211 >> 3) goto 0x8ec80f7d;
                                                                                                                                                              				_t33 =  &(_t143[4]); // 0x8
                                                                                                                                                              				r8d = _t33;
                                                                                                                                                              				E00007FF77FF78EC86760(_t143, _t211 + _t240 * 8, (_t220 - _t211 >> 3) - _t240, _t211, _t220, _t223, _t244 & (_t168 - _t250 >> 0x00000001) + 0x00000001, 0x7ff78ec80d50, __rcx);
                                                                                                                                                              				FindClose(_t207);
                                                                                                                                                              				r12d = 0;
                                                                                                                                                              				_t260 = __rcx + 8;
                                                                                                                                                              				goto 0x8ec80dda;
                                                                                                                                                              				_t154 = _t211;
                                                                                                                                                              				if (_t211 ==  *((intOrPtr*)(_t226 + 0x38))) goto 0x8ec81067;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( *_t260,  *_t154);
                                                                                                                                                              				if (_t154 + 8 !=  *((intOrPtr*)(_t226 + 0x38))) goto 0x8ec80fa3;
                                                                                                                                                              				goto 0x8ec81067;
                                                                                                                                                              				FindClose(_t214);
                                                                                                                                                              				_t212 =  *((intOrPtr*)(_t226 + 0x30));
                                                                                                                                                              				_t156 = _t212;
                                                                                                                                                              				if (_t212 ==  *((intOrPtr*)(_t226 + 0x38))) goto 0x8ec81067;
                                                                                                                                                              				_t180 =  *_t156;
                                                                                                                                                              				_t77 = E00007FF77FF78EC7A2B8( *_t260, _t180);
                                                                                                                                                              				if (_t156 + 8 !=  *((intOrPtr*)(_t226 + 0x38))) goto 0x8ec80fd7;
                                                                                                                                                              				goto 0x8ec81067;
                                                                                                                                                              				_t202 = _t240;
                                                                                                                                                              				 *(_t226 + 0x48) = _t202;
                                                                                                                                                              				_t145 = _t212;
                                                                                                                                                              				_t254 = (_t220 - _t212 >> 3) + 1;
                                                                                                                                                              				if (_t212 == _t220) goto 0x8ec8102e;
                                                                                                                                                              				_t182 = (_t180 | 0xffffffff) + 1;
                                                                                                                                                              				if ( *((intOrPtr*)( *_t145 + _t182 * 2)) != r12w) goto 0x8ec81010;
                                                                                                                                                              				_t146 = _t145 + 8;
                                                                                                                                                              				if (_t146 != _t220) goto 0x8ec81009;
                                                                                                                                                              				 *(_t226 + 0x48) = _t202 + 1 + _t182;
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				E00007FF77FF78EC782B4(_t77, _t254, _t202 + 1 + _t182, _t244 & (_t168 - _t250 >> 0x00000001) + 0x00000001);
                                                                                                                                                              				if (_t146 != 0) goto 0x8ec81076;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t146, _t254);
                                                                                                                                                              				_t159 = _t212;
                                                                                                                                                              				if (_t212 == _t220) goto 0x8ec81064;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t146,  *_t159);
                                                                                                                                                              				_t160 = _t159 + 8;
                                                                                                                                                              				if (_t160 != _t220) goto 0x8ec81053;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t146, _t212);
                                                                                                                                                              				goto 0x8ec81114;
                                                                                                                                                              				_t186 = _t146 + _t254 * 8;
                                                                                                                                                              				_t255 = _t212;
                                                                                                                                                              				 *((long long*)(_t223 + 0x1b0)) = _t186;
                                                                                                                                                              				_t241 = _t186;
                                                                                                                                                              				if (_t212 == _t220) goto 0x8ec810e2;
                                                                                                                                                              				if ( *((intOrPtr*)( *_t255 + ((_t260 | 0xffffffff) + 1) * 2)) != 0) goto 0x8ec8109b;
                                                                                                                                                              				if (E00007FF77FF78EC80C50(_t241 - _t186 >> 1, _t160, _t241,  *(_t226 + 0x48) - (_t241 - _t186 >> 1), _t220,  *_t255, (_t260 | 0xffffffff) + 2, _t222) != 0) goto 0x8ec8113e;
                                                                                                                                                              				 *((long long*)(_t255 + _t160 - _t212)) = _t241;
                                                                                                                                                              				if (_t255 + 8 != _t220) goto 0x8ec81092;
                                                                                                                                                              				 *((long long*)( *((intOrPtr*)(_t226 + 0x50)))) = _t160;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( *((intOrPtr*)(_t226 + 0x50)),  *((intOrPtr*)(_t223 + 0x1b0)));
                                                                                                                                                              				_t161 = _t212;
                                                                                                                                                              				if (_t212 == _t220) goto 0x8ec8110a;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( *((intOrPtr*)(_t226 + 0x50)),  *_t161);
                                                                                                                                                              				if (_t161 + 8 != _t220) goto 0x8ec810f9;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( *((intOrPtr*)(_t226 + 0x50)), _t212);
                                                                                                                                                              				return E00007FF77FF78EC6A040(0, 0,  *(_t223 + 0x1b8) ^ _t226);
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2227656907-0
                                                                                                                                                              • Opcode ID: fd4a9bfda042c9443d9aa9375a356fea78cc617cd4b82e203b5d264eab4a71de
                                                                                                                                                              • Instruction ID: 17f670cfbbd02f1e7232cb5f2cccb4514b1e543fd2ebc7e93a1560b7c307e4d5
                                                                                                                                                              • Opcode Fuzzy Hash: fd4a9bfda042c9443d9aa9375a356fea78cc617cd4b82e203b5d264eab4a71de
                                                                                                                                                              • Instruction Fuzzy Hash: 67B1D822F186A241FA60ABA5DA111BAE390FB45BE4FE45135EE5D47BC5DF3CE841C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                              			E00007FF77FF78EC82D40(signed int __ecx, signed int __rax, signed int* __rcx, unsigned int __rdx, signed int __r9, void* __r10, long long __r13, signed int _a8, long long _a16, signed int _a24, signed int _a32) {
                                                                                                                                                              				long long _v64;
                                                                                                                                                              				char _v532;
                                                                                                                                                              				intOrPtr _v536;
                                                                                                                                                              				signed long long _v552;
                                                                                                                                                              				signed int _v560;
                                                                                                                                                              				signed int _v568;
                                                                                                                                                              				signed int _v572;
                                                                                                                                                              				signed int _v576;
                                                                                                                                                              				intOrPtr _v584;
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* _t132;
                                                                                                                                                              				signed int _t148;
                                                                                                                                                              				intOrPtr _t161;
                                                                                                                                                              				signed int _t163;
                                                                                                                                                              				intOrPtr _t164;
                                                                                                                                                              				signed int _t180;
                                                                                                                                                              				signed int _t191;
                                                                                                                                                              				signed int _t192;
                                                                                                                                                              				signed int _t213;
                                                                                                                                                              				void* _t230;
                                                                                                                                                              				signed long long _t241;
                                                                                                                                                              				signed int _t244;
                                                                                                                                                              				void* _t252;
                                                                                                                                                              				signed int* _t255;
                                                                                                                                                              				intOrPtr* _t262;
                                                                                                                                                              				signed long long _t267;
                                                                                                                                                              				signed long long _t269;
                                                                                                                                                              				signed long long _t271;
                                                                                                                                                              				signed long long _t273;
                                                                                                                                                              				signed long long _t277;
                                                                                                                                                              				signed long long _t279;
                                                                                                                                                              				char* _t285;
                                                                                                                                                              				signed int _t288;
                                                                                                                                                              				signed long long _t289;
                                                                                                                                                              				signed long long _t297;
                                                                                                                                                              				signed long long _t298;
                                                                                                                                                              				void* _t306;
                                                                                                                                                              				signed long long _t327;
                                                                                                                                                              
                                                                                                                                                              				_a16 = __rdx;
                                                                                                                                                              				r10d =  *__rcx;
                                                                                                                                                              				if (r10d == 0) goto 0x8ec831b5;
                                                                                                                                                              				_t161 =  *__rdx;
                                                                                                                                                              				_v584 = _t161;
                                                                                                                                                              				if (_t161 == 0) goto 0x8ec831b5;
                                                                                                                                                              				r10d = r10d - 1;
                                                                                                                                                              				if (_t252 - 1 != 0) goto 0x8ec82e71;
                                                                                                                                                              				r12d =  *(__rdx + 4);
                                                                                                                                                              				if (r12d != 1) goto 0x8ec82db6;
                                                                                                                                                              				_t255 =  &(__rcx[1]);
                                                                                                                                                              				 *__rcx = 0;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				_v536 = 0;
                                                                                                                                                              				E00007FF77FF78EC8440C(__rax, _t252, _t255, __rdx, __rcx,  &_v532, __r9);
                                                                                                                                                              				goto 0x8ec831b7;
                                                                                                                                                              				if (r10d != 0) goto 0x8ec82df1;
                                                                                                                                                              				_t163 = _t255[1];
                                                                                                                                                              				 *_t255 = 0;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				_v536 = 0;
                                                                                                                                                              				E00007FF77FF78EC8440C(__rax, _t252,  &(_t255[1]), __rdx, __rcx,  &_v532, __r9);
                                                                                                                                                              				_t180 = _t163 % r12d;
                                                                                                                                                              				__rcx[1] = _t180;
                                                                                                                                                              				bpl = _t180 != 0;
                                                                                                                                                              				 *__rcx = 0;
                                                                                                                                                              				goto 0x8ec831b7;
                                                                                                                                                              				r15d = 0xffffffff;
                                                                                                                                                              				if (r10d == r15d) goto 0x8ec82e35;
                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                              				r10d = r10d + r15d;
                                                                                                                                                              				if (r10d != r15d) goto 0x8ec82e10;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				_v536 = 0;
                                                                                                                                                              				_t285 =  &_v532;
                                                                                                                                                              				 *__rcx = 0;
                                                                                                                                                              				_t132 = E00007FF77FF78EC8440C(__rax | _t279 << 0x00000020, _t252,  &(__rcx[1]), __rdx, __rcx, _t285, __r9);
                                                                                                                                                              				__rcx[1] = r14d;
                                                                                                                                                              				__rcx[2] = __ecx;
                                                                                                                                                              				bpl = __ecx != 0;
                                                                                                                                                              				 *__rcx = 1;
                                                                                                                                                              				goto 0x8ec831b7;
                                                                                                                                                              				if (_t132 - r10d > 0) goto 0x8ec831b5;
                                                                                                                                                              				r8d = r10d;
                                                                                                                                                              				_t269 = r10d;
                                                                                                                                                              				r8d = r8d - _t132;
                                                                                                                                                              				r9d = r10d;
                                                                                                                                                              				_t277 = r8d;
                                                                                                                                                              				if (_t269 - _t277 < 0) goto 0x8ec82ed7;
                                                                                                                                                              				_t262 = (__rdx >> 0x20) + 4 + _t269 * 4;
                                                                                                                                                              				if ( *((intOrPtr*)(__rdx - _t277 * 4 - __rcx + _t262)) !=  *_t262) goto 0x8ec82ec0;
                                                                                                                                                              				r9d = r9d - 1;
                                                                                                                                                              				if (_t269 - 1 - _t277 >= 0) goto 0x8ec82ea7;
                                                                                                                                                              				goto 0x8ec82ed7;
                                                                                                                                                              				_t271 = r9d - r8d;
                                                                                                                                                              				_t241 = r9d;
                                                                                                                                                              				if ( *((intOrPtr*)(__rdx + 4 + _t271 * 4)) -  *(__rcx + 4 + _t241 * 4) >= 0) goto 0x8ec82eda;
                                                                                                                                                              				r8d = r8d + 1;
                                                                                                                                                              				_t213 = r8d;
                                                                                                                                                              				if (_t213 == 0) goto 0x8ec831b5;
                                                                                                                                                              				r9d =  *(__rdx + 4 + _t241 * 4);
                                                                                                                                                              				r11d =  *(__rdx + 4 + _t241 * 4);
                                                                                                                                                              				asm("inc ecx");
                                                                                                                                                              				_a24 = r11d;
                                                                                                                                                              				if (_t213 == 0) goto 0x8ec82f21;
                                                                                                                                                              				r12d = 0x20;
                                                                                                                                                              				r12d = r12d - 0x1f;
                                                                                                                                                              				_a8 = r12d;
                                                                                                                                                              				if (0x1f - _t252 - 2 == 0) goto 0x8ec82f6d;
                                                                                                                                                              				goto 0x8ec82f30;
                                                                                                                                                              				_a8 = 0;
                                                                                                                                                              				r12d = 0;
                                                                                                                                                              				r9d = r11d >> r12d;
                                                                                                                                                              				r11d = r11d << 0x20;
                                                                                                                                                              				r9d = r9d | r9d << 0x00000020;
                                                                                                                                                              				_a24 = r11d;
                                                                                                                                                              				if (_t163 - 2 <= 0) goto 0x8ec82f6d;
                                                                                                                                                              				r11d = r11d |  *(__rdx + 4 + _t241 * 4) >> r12d;
                                                                                                                                                              				_a24 = r11d;
                                                                                                                                                              				r14d = _t285 - 1;
                                                                                                                                                              				_v560 = _t279;
                                                                                                                                                              				if (r14d < 0) goto 0x8ec8317e;
                                                                                                                                                              				r15d = 0xffffffff;
                                                                                                                                                              				_v64 = __r13;
                                                                                                                                                              				r13d = __rdx + _t252;
                                                                                                                                                              				_v552 = _t241;
                                                                                                                                                              				_v568 = __r9;
                                                                                                                                                              				if (r13d - r10d > 0) goto 0x8ec82fad;
                                                                                                                                                              				goto 0x8ec82faf;
                                                                                                                                                              				_a32 = 0;
                                                                                                                                                              				r11d =  *(__rcx + 4 + _t241 * 4);
                                                                                                                                                              				_v576 = _t262 - 4;
                                                                                                                                                              				_v572 = 0;
                                                                                                                                                              				if (0x20 == 0) goto 0x8ec83007;
                                                                                                                                                              				r8d = r11d;
                                                                                                                                                              				r11d = r11d << 0x20;
                                                                                                                                                              				if (r13d - 3 < 0) goto 0x8ec8300c;
                                                                                                                                                              				_t148 =  *(__rcx + 4 + (_v576 << 0x20) * 4) >> r12d;
                                                                                                                                                              				r11d = r11d | _t148;
                                                                                                                                                              				goto 0x8ec8300c;
                                                                                                                                                              				_t288 = _v576;
                                                                                                                                                              				_t244 = _t288;
                                                                                                                                                              				r8d = _t148 % __r9;
                                                                                                                                                              				if (_t244 - _t327 <= 0) goto 0x8ec83038;
                                                                                                                                                              				_t297 = _t327;
                                                                                                                                                              				_t289 = _t288 + 0x1;
                                                                                                                                                              				if (_t289 - _t327 > 0) goto 0x8ec83071;
                                                                                                                                                              				_t267 = _t289 << 0x00000020 | _t279;
                                                                                                                                                              				if (0x1 - _t267 <= 0) goto 0x8ec8306d;
                                                                                                                                                              				_t298 = _t297 - 1;
                                                                                                                                                              				if (_t289 + _v568 - _t327 <= 0) goto 0x8ec83050;
                                                                                                                                                              				_t164 = _v584;
                                                                                                                                                              				if (_t298 == 0) goto 0x8ec83150;
                                                                                                                                                              				r11d = 0;
                                                                                                                                                              				if (_t164 == 0) goto 0x8ec830f3;
                                                                                                                                                              				r15d = _a8;
                                                                                                                                                              				r8d = r10d;
                                                                                                                                                              				_t306 =  >=  ? _t279 + 0x1 >> 0x20 : (_t279 + 0x1 >> 0x20) + 1;
                                                                                                                                                              				r11d = r11d + 1;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 4 + _t267 * 4)) = __rcx[0xffffffff00000002] - r8d;
                                                                                                                                                              				if (r11d - _t164 < 0) goto 0x8ec830a0;
                                                                                                                                                              				_a8 = r15d;
                                                                                                                                                              				r15d = 0xffffffff;
                                                                                                                                                              				r12d = _a8;
                                                                                                                                                              				if (0x1 - _t306 >= 0) goto 0x8ec8314c;
                                                                                                                                                              				r10d = 0;
                                                                                                                                                              				if (_t164 == 0) goto 0x8ec83149;
                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                              				r10d = r10d + 1;
                                                                                                                                                              				_t273 =  &(__rcx[0xffffffff00000001]);
                                                                                                                                                              				 *(_t273 + 4) = r8d;
                                                                                                                                                              				_t230 = r10d - _t164;
                                                                                                                                                              				if (_t230 < 0) goto 0x8ec83120;
                                                                                                                                                              				r10d = __r13 - 1;
                                                                                                                                                              				r13d = r13d - 1;
                                                                                                                                                              				r14d = r14d - 1;
                                                                                                                                                              				_v560 = (_v560 << 0x20) + 0x1;
                                                                                                                                                              				if (_t230 >= 0) goto 0x8ec82fa1;
                                                                                                                                                              				_t191 = _t306 + 1;
                                                                                                                                                              				if (_t191 -  *__rcx >= 0) goto 0x8ec8319c;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 4 + ((0x1 + _t244) * _v568 * _t297 - _t271) * _t298 * 4)) = 0;
                                                                                                                                                              				if (_t191 + 1 -  *__rcx < 0) goto 0x8ec83190;
                                                                                                                                                              				 *__rcx = _t191;
                                                                                                                                                              				if (_t191 == 0) goto 0x8ec831b0;
                                                                                                                                                              				_t192 = _t191 - 1;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 4 + _t273 * 4)) != 0) goto 0x8ec831b0;
                                                                                                                                                              				 *__rcx = _t192;
                                                                                                                                                              				if (_t192 != 0) goto 0x8ec831a2;
                                                                                                                                                              				goto 0x8ec831b7;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}











































                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1502251526-3916222277
                                                                                                                                                              • Opcode ID: cde1b8b2f6d1160984fe15dbaba42dea7d5925037cfa26e03551a8a86da9f649
                                                                                                                                                              • Instruction ID: f60bbfca0e8452560c1bd1166d638861c3d7caaaf45cd0dfd9dc483363cc3c27
                                                                                                                                                              • Opcode Fuzzy Hash: cde1b8b2f6d1160984fe15dbaba42dea7d5925037cfa26e03551a8a86da9f649
                                                                                                                                                              • Instruction Fuzzy Hash: BDC11972F1829687D724DF99E248A6AF791F788B84F949135DF4A43B84DB3CE805CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 15204871-0
                                                                                                                                                              • Opcode ID: bc390de868ea73124265393c67e6da1affeb6238bb5df05aa1662538549b98e5
                                                                                                                                                              • Instruction ID: b2e87ed162e493dd156a2bd788a77b335568b32f10616a33e8fe63cd2917dcf7
                                                                                                                                                              • Opcode Fuzzy Hash: bc390de868ea73124265393c67e6da1affeb6238bb5df05aa1662538549b98e5
                                                                                                                                                              • Instruction Fuzzy Hash: 7BB16F73A01B558BEB15DF2AC98236C77A0F744F48FA48922DB5D87BA8CB39D851C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                              			E00007FF77FF78EC7D588(void* __ebp, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32, long long _a64) {
                                                                                                                                                              				void* _t17;
                                                                                                                                                              				long long _t32;
                                                                                                                                                              				void* _t42;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              
                                                                                                                                                              				_t46 = _t42;
                                                                                                                                                              				 *((long long*)(_t46 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t46 + 0x10)) = __rbp;
                                                                                                                                                              				 *((long long*)(_t46 + 0x18)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t46 + 0x20)) = __rdi;
                                                                                                                                                              				r13b = r9b;
                                                                                                                                                              				_t16 =  >  ? __ebp : 0;
                                                                                                                                                              				_t17 = ( >  ? __ebp : 0) + 9;
                                                                                                                                                              				if (__rdx - __rax > 0) goto 0x8ec7d610;
                                                                                                                                                              				_t32 = _a64;
                                                                                                                                                              				 *((long long*)(_t46 - 0x20)) = _t32;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				 *(_t46 - 0x28) =  *(_t46 - 0x28) & 0x00000000;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *((char*)(_t32 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t32 + 0x2c)) = 0x22;
                                                                                                                                                              				E00007FF77FF78EC7A180(__rax, __rbx, _t32, __rdx, __rsi, r8d, _t45);
                                                                                                                                                              				return 0x22;
                                                                                                                                                              			}








                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                              • API String ID: 0-3030954782
                                                                                                                                                              • Opcode ID: 7415e6b30dec67e1f7b88c6f5fac3f2653a2dc06fd9f2d83c2e1fa89a9b54909
                                                                                                                                                              • Instruction ID: 92242febe4ecef1cda59d401ed1bb4efdb96107d6b42adb5c735242caad72f55
                                                                                                                                                              • Opcode Fuzzy Hash: 7415e6b30dec67e1f7b88c6f5fac3f2653a2dc06fd9f2d83c2e1fa89a9b54909
                                                                                                                                                              • Instruction Fuzzy Hash: 94516462F1C2C546E7249A79DC0076AAB91F745B94FA88231CBAC4BAC5CF3DD040C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00007FF77FF78EC857C0(signed int __ecx, signed int __ebp, long long __rbx, signed char* __rdx, long long __rsi, long long __rbp, void* __r8, intOrPtr* __r9, signed int _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				signed int _t45;
                                                                                                                                                              				signed int _t49;
                                                                                                                                                              				signed char _t50;
                                                                                                                                                              				void* _t56;
                                                                                                                                                              				void* _t63;
                                                                                                                                                              				signed int _t77;
                                                                                                                                                              				signed int _t88;
                                                                                                                                                              				signed int _t89;
                                                                                                                                                              				unsigned int _t90;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              				void* _t109;
                                                                                                                                                              				intOrPtr* _t127;
                                                                                                                                                              				void* _t132;
                                                                                                                                                              				void* _t138;
                                                                                                                                                              				void* _t145;
                                                                                                                                                              				void* _t152;
                                                                                                                                                              				void* _t153;
                                                                                                                                                              				intOrPtr* _t154;
                                                                                                                                                              				void* _t156;
                                                                                                                                                              
                                                                                                                                                              				_t129 = __rbx;
                                                                                                                                                              				_t152 = _t145;
                                                                                                                                                              				 *((long long*)(_t152 + 0x10)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t152 + 0x18)) = __rbp;
                                                                                                                                                              				 *((long long*)(_t152 + 0x20)) = __rsi;
                                                                                                                                                              				_push(_t138);
                                                                                                                                                              				 *((char*)(__r9)) = 0;
                                                                                                                                                              				r10d = r10d & 0x0000003f;
                                                                                                                                                              				_t154 = __r9;
                                                                                                                                                              				_t88 = r8d;
                                                                                                                                                              				_t127 =  *((intOrPtr*)(0x8ecaca50 + (__ecx >> 6) * 8));
                                                                                                                                                              				if ( *((intOrPtr*)(_t127 + 0x38 + (__ecx + __ecx * 8) * 8)) >= 0) goto 0x8ec85a07;
                                                                                                                                                              				if ((0x00074000 & r8d) != 0) goto 0x8ec8583c;
                                                                                                                                                              				_t132 = _t152 + 8;
                                                                                                                                                              				_a8 = 0;
                                                                                                                                                              				_t95 = E00007FF77FF78EC7557C(_t127, _t132);
                                                                                                                                                              				if (_t95 != 0) goto 0x8ec85a22;
                                                                                                                                                              				if (_t95 != 0) goto 0x8ec85876;
                                                                                                                                                              				asm("bts esi, 0xe");
                                                                                                                                                              				if ((_t88 & 0x00074000) == 0x4000) goto 0x8ec8588c;
                                                                                                                                                              				if ((0xffffbfff & _t132 - 0x00010000) == 0) goto 0x8ec8587a;
                                                                                                                                                              				if ((0xffffbfff & _t132 - 0x00020000) == 0) goto 0x8ec85887;
                                                                                                                                                              				_t45 = _t132 - 0x40000;
                                                                                                                                                              				if ((0xffffbfff & _t45) != 0) goto 0x8ec8588f;
                                                                                                                                                              				 *((char*)(__r9)) = 1;
                                                                                                                                                              				goto 0x8ec8588f;
                                                                                                                                                              				_t89 = _t88 | _t45;
                                                                                                                                                              				goto 0x8ec8583c;
                                                                                                                                                              				if ((_t89 & 0x00000301) != 0x301) goto 0x8ec8588f;
                                                                                                                                                              				 *__r9 = dil;
                                                                                                                                                              				goto 0x8ec8588f;
                                                                                                                                                              				 *((char*)(__r9)) = 0;
                                                                                                                                                              				if ((_t89 & 0x00070000) == 0) goto 0x8ec85a07;
                                                                                                                                                              				if (( *__rdx & 0x00000040) != 0) goto 0x8ec85a07;
                                                                                                                                                              				_t90 = __rdx[4];
                                                                                                                                                              				_t49 = _t90 & 0xc0000000;
                                                                                                                                                              				if (_t49 == 0x40000000) goto 0x8ec858cc;
                                                                                                                                                              				if (_t49 == 0x80000000) goto 0x8ec85944;
                                                                                                                                                              				if (_t49 != 0xc0000000) goto 0x8ec85a07;
                                                                                                                                                              				_t50 = __rdx[8];
                                                                                                                                                              				if (_t50 == 0) goto 0x8ec85a07;
                                                                                                                                                              				if (_t50 - 2 <= 0) goto 0x8ec858ea;
                                                                                                                                                              				if (_t50 - 4 <= 0) goto 0x8ec8590a;
                                                                                                                                                              				_t109 = _t50 - 5;
                                                                                                                                                              				if (_t109 != 0) goto 0x8ec85a07;
                                                                                                                                                              				if (_t109 == 0) goto 0x8ec859d2;
                                                                                                                                                              				if ( *((char*)(__r9)) - 1 != 1) goto 0x8ec85a07;
                                                                                                                                                              				goto 0x8ec859dc;
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				E00007FF77FF78EC7BC0C(_t127, __rbx, _t138, _t156, _t153);
                                                                                                                                                              				if (_t127 == 0) goto 0x8ec858ea;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC7BC0C(_t127, _t129, _t138);
                                                                                                                                                              				if (_t127 != 0xffffffff) goto 0x8ec85939;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t127);
                                                                                                                                                              				goto 0x8ec85a09;
                                                                                                                                                              				if (_t90 >> 0x1f == 0) goto 0x8ec85a07;
                                                                                                                                                              				r8d = 3;
                                                                                                                                                              				_a8 = 0;
                                                                                                                                                              				_t56 = E00007FF77FF78EC7B3DC(__ebp, _t90 >> 0x1f, _t127, _t132,  &_a8, __r8);
                                                                                                                                                              				if (_t56 == 0xffffffff) goto 0x8ec8592d;
                                                                                                                                                              				if (_t56 == 2) goto 0x8ec8597c;
                                                                                                                                                              				if (_t56 != 3) goto 0x8ec859bb;
                                                                                                                                                              				if (_a8 != 0xbfbbef) goto 0x8ec8597c;
                                                                                                                                                              				 *_t154 = 1;
                                                                                                                                                              				goto 0x8ec85a07;
                                                                                                                                                              				_t77 = _a8 & 0x0000ffff;
                                                                                                                                                              				if (_t77 != 0xfffe) goto 0x8ec85996;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t127);
                                                                                                                                                              				 *_t127 = 0x16;
                                                                                                                                                              				goto 0x8ec8592d;
                                                                                                                                                              				if (_t77 != 0xfeff) goto 0x8ec859bb;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC7BC0C(_t127, _t129, _t138);
                                                                                                                                                              				if (_t127 == 0xffffffff) goto 0x8ec8592d;
                                                                                                                                                              				 *_t154 = dil;
                                                                                                                                                              				goto 0x8ec85a07;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC7BC0C(_t127, _t129, _t138);
                                                                                                                                                              				if (_t127 != 0xffffffff) goto 0x8ec85a07;
                                                                                                                                                              				goto 0x8ec8592d;
                                                                                                                                                              				_a8 = 0xbfbbef;
                                                                                                                                                              				r8d = 3;
                                                                                                                                                              				r8d = r8d;
                                                                                                                                                              				_t63 = E00007FF77FF78EC7C74C(0, _t129, _t138);
                                                                                                                                                              				if (_t63 == 0xffffffff) goto 0x8ec8592d;
                                                                                                                                                              				if (3 - 0 + _t63 > 0) goto 0x8ec859e0;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}
























                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 474895018-0
                                                                                                                                                              • Opcode ID: 62fd0fb53a18f0325237b5f4d992246be456f9e55d3a1d94135469ebd9c984cb
                                                                                                                                                              • Instruction ID: 461097d71a90e3bdb0c2cd5a20496d62472aea7e791b0d85e898af589e4bae91
                                                                                                                                                              • Opcode Fuzzy Hash: 62fd0fb53a18f0325237b5f4d992246be456f9e55d3a1d94135469ebd9c984cb
                                                                                                                                                              • Instruction Fuzzy Hash: 4261E922F182A245FB64A9A8D58077DE681BF50770FB44236DA6D876C1DFBCE841C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E00007FF77FF78EC7D0D8(void* __rax, long long __rbx, unsigned int* __rcx, signed long long __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, long long __r11, long long _a8, long long _a16, long long _a24, char* _a40, signed int _a48, signed int _a56, intOrPtr _a64, intOrPtr _a72, long long _a80) {
                                                                                                                                                              				void* _v40;
                                                                                                                                                              				long long _v48;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				signed int _v72;
                                                                                                                                                              				unsigned int* _v80;
                                                                                                                                                              				long long _v88;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				intOrPtr _t83;
                                                                                                                                                              				void* _t84;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              				unsigned int* _t120;
                                                                                                                                                              				signed int _t121;
                                                                                                                                                              				void* _t139;
                                                                                                                                                              				char* _t158;
                                                                                                                                                              				unsigned long long _t170;
                                                                                                                                                              				char* _t184;
                                                                                                                                                              				char* _t185;
                                                                                                                                                              				intOrPtr _t186;
                                                                                                                                                              				unsigned int* _t189;
                                                                                                                                                              				char* _t192;
                                                                                                                                                              				intOrPtr* _t197;
                                                                                                                                                              				intOrPtr* _t198;
                                                                                                                                                              				void* _t202;
                                                                                                                                                              				void* _t203;
                                                                                                                                                              				signed long long _t206;
                                                                                                                                                              				signed long long _t211;
                                                                                                                                                              				signed long long _t214;
                                                                                                                                                              				void* _t217;
                                                                                                                                                              				char* _t219;
                                                                                                                                                              				void* _t220;
                                                                                                                                                              				signed int* _t222;
                                                                                                                                                              				signed int* _t231;
                                                                                                                                                              				signed int* _t232;
                                                                                                                                                              				signed int* _t233;
                                                                                                                                                              				signed int* _t239;
                                                                                                                                                              				long long _t243;
                                                                                                                                                              				void* _t245;
                                                                                                                                                              				intOrPtr* _t246;
                                                                                                                                                              				unsigned int* _t247;
                                                                                                                                                              
                                                                                                                                                              				_t243 = __r11;
                                                                                                                                                              				_t229 = __r8;
                                                                                                                                                              				_t224 = __rbp;
                                                                                                                                                              				_t218 = __rsi;
                                                                                                                                                              				_t206 = __rdx;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				r11d = 0;
                                                                                                                                                              				 *__rdx = r11b;
                                                                                                                                                              				_t120 =  >=  ? _a48 : r11d;
                                                                                                                                                              				_t184 = __rdx;
                                                                                                                                                              				_t247 = __rcx;
                                                                                                                                                              				_t5 = _t217 + 0xb; // 0xb
                                                                                                                                                              				if (__r8 - _t5 > 0) goto 0x8ec7d150;
                                                                                                                                                              				_t189 = _a80;
                                                                                                                                                              				_t7 = _t243 + 0x22; // 0x22
                                                                                                                                                              				_v80 = _t189;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_v88 = __r11;
                                                                                                                                                              				_t189[0xc] = 1;
                                                                                                                                                              				_t189[0xb] = _t7;
                                                                                                                                                              				E00007FF77FF78EC7A180(__rax, __rdx, _t189, __rdx, __rsi, __rbp, __r8);
                                                                                                                                                              				goto 0x8ec7d46e;
                                                                                                                                                              				if (( *_t189 >> 0x00000034 & _t206) != _t206) goto 0x8ec7d1ef;
                                                                                                                                                              				_t236 = __r9;
                                                                                                                                                              				_v48 = _a80;
                                                                                                                                                              				_v56 = _a72;
                                                                                                                                                              				_v64 = _a64;
                                                                                                                                                              				_t158 = _a40;
                                                                                                                                                              				_v72 = r11b;
                                                                                                                                                              				_v80 = _t120;
                                                                                                                                                              				_v88 = _t158;
                                                                                                                                                              				if (E00007FF77FF78EC7D48C(_t184, _t247, _t184, _t217, _t218, _t229, __r9) == 0) goto 0x8ec7d1be;
                                                                                                                                                              				 *_t184 = 0;
                                                                                                                                                              				goto 0x8ec7d46e;
                                                                                                                                                              				_t192 = _t184;
                                                                                                                                                              				E00007FF77FF78EC6B4E8(_t76, _t7, 0x65, _t158, _t184, _t192, _t236);
                                                                                                                                                              				if (_t158 == 0) goto 0x8ec7d46c;
                                                                                                                                                              				 *_t158 = ((_a56 ^ 0x00000001) << 5) + 0x50;
                                                                                                                                                              				 *((char*)(_t158 + 3)) = 0;
                                                                                                                                                              				goto 0x8ec7d46c;
                                                                                                                                                              				if (_t192 >= 0) goto 0x8ec7d201;
                                                                                                                                                              				 *_t184 = 0x2d;
                                                                                                                                                              				_t185 = _t184 + 1;
                                                                                                                                                              				_t246 = _t185 + 1;
                                                                                                                                                              				r12d = 0x3ff;
                                                                                                                                                              				r15d = (_a56 ^ 0x00000001) & 0x000000ff;
                                                                                                                                                              				r8d = 0x30;
                                                                                                                                                              				_a48 = r15d;
                                                                                                                                                              				if ((0x00000000 &  *_t247) != 0) goto 0x8ec7d260;
                                                                                                                                                              				 *_t185 = r8b;
                                                                                                                                                              				asm("dec ebp");
                                                                                                                                                              				r12d = r12d & 0x000003fe;
                                                                                                                                                              				goto 0x8ec7d263;
                                                                                                                                                              				 *_t185 = 0x31;
                                                                                                                                                              				_t219 = _t246 + 1;
                                                                                                                                                              				if (_t120 != 0) goto 0x8ec7d270;
                                                                                                                                                              				goto 0x8ec7d2a7;
                                                                                                                                                              				_t186 = _a80;
                                                                                                                                                              				if ( *((intOrPtr*)(_t186 + 0x28)) != r11b) goto 0x8ec7d297;
                                                                                                                                                              				E00007FF77FF78EC735D0( ~( *_t247 & 0xffffffff), _t186, _t186, _t219);
                                                                                                                                                              				r11d = 0;
                                                                                                                                                              				_t32 = _t243 + 0x30; // 0x30
                                                                                                                                                              				r8d = _t32;
                                                                                                                                                              				_t83 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x18)) + 0xf8))))));
                                                                                                                                                              				 *_t246 = _t83;
                                                                                                                                                              				if (( *_t247 & 0xffffffff) <= 0) goto 0x8ec7d34b;
                                                                                                                                                              				if (_t120 <= 0) goto 0x8ec7d2f5;
                                                                                                                                                              				_t84 = _t83 + r8w;
                                                                                                                                                              				_t139 = _t84 - 0x39;
                                                                                                                                                              				if (_t139 <= 0) goto 0x8ec7d2e2;
                                                                                                                                                              				 *_t219 = _t84 + (r15d << 5) + 7;
                                                                                                                                                              				_t121 = _t120 - 1;
                                                                                                                                                              				_t220 = _t219 + 1;
                                                                                                                                                              				if (_t139 >= 0) goto 0x8ec7d2c2;
                                                                                                                                                              				goto 0x8ec7d343;
                                                                                                                                                              				r9d = _a72;
                                                                                                                                                              				r8d = r8w & 0xffff;
                                                                                                                                                              				_t86 = E00007FF77FF78EC7DAF0(_t84 + (r15d << 5) + 7, _t7, _t186, _t247, 0 >> 4, _t217, _t220, _t224);
                                                                                                                                                              				r11d = 0;
                                                                                                                                                              				if (_t86 == 0) goto 0x8ec7d343;
                                                                                                                                                              				_t197 = _t220 - 1;
                                                                                                                                                              				if (0x47 != 0) goto 0x8ec7d328;
                                                                                                                                                              				 *_t197 = 0x30;
                                                                                                                                                              				_t198 = _t197 - 1;
                                                                                                                                                              				goto 0x8ec7d317;
                                                                                                                                                              				if (_t198 == _t246) goto 0x8ec7d340;
                                                                                                                                                              				if ( *_t197 != 0x39) goto 0x8ec7d338;
                                                                                                                                                              				bpl = bpl + 0x3a;
                                                                                                                                                              				goto 0x8ec7d33b;
                                                                                                                                                              				 *_t198 = bpl;
                                                                                                                                                              				goto 0x8ec7d343;
                                                                                                                                                              				 *((char*)(_t198 - 1)) =  *((char*)(_t198 - 1)) + 1;
                                                                                                                                                              				r15d = _a48;
                                                                                                                                                              				if (_t121 <= 0) goto 0x8ec7d36c;
                                                                                                                                                              				r8d = _t121;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				r11d = 0;
                                                                                                                                                              				goto 0x8ec7d371;
                                                                                                                                                              				_t222 =  ==  ? _t246 : _t220 + _t186;
                                                                                                                                                              				r15b = r15b << 5;
                                                                                                                                                              				r15b = r15b + 0x50;
                                                                                                                                                              				 *_t222 = r15b;
                                                                                                                                                              				_t239 =  &(_t222[0]);
                                                                                                                                                              				_t170 =  *_t247 >> 0x34;
                                                                                                                                                              				if ( *_t246 - r11b >= 0) goto 0x8ec7d3a4;
                                                                                                                                                              				_t202 = _t245 - _t170;
                                                                                                                                                              				_t47 = _t170 + 2; // 0x2d
                                                                                                                                                              				_t90 =  <  ? _t47 : 0x2b;
                                                                                                                                                              				_t222[0] =  <  ? _t47 : 0x2b;
                                                                                                                                                              				 *_t239 = dil;
                                                                                                                                                              				if (_t202 - 0x3e8 < 0) goto 0x8ec7d3f8;
                                                                                                                                                              				_t231 =  &(_t239[0]);
                                                                                                                                                              				_t211 = (_t220 - _t245 >> 7) + (_t220 - _t245 >> 7 >> 0x3f);
                                                                                                                                                              				 *_t239 = _t217 + _t211;
                                                                                                                                                              				_t203 = _t202 + _t211 * 0xfffffc18;
                                                                                                                                                              				if (_t231 != _t239) goto 0x8ec7d3fe;
                                                                                                                                                              				if (_t203 - 0x64 < 0) goto 0x8ec7d431;
                                                                                                                                                              				_t214 = (_t211 + _t203 >> 6) + (_t211 + _t203 >> 6 >> 0x3f);
                                                                                                                                                              				 *_t231 = _t217 + _t214;
                                                                                                                                                              				_t232 =  &(_t231[0]);
                                                                                                                                                              				if (_t232 != _t239) goto 0x8ec7d437;
                                                                                                                                                              				if (_t203 + _t214 * 0xffffff9c - 0xa < 0) goto 0x8ec7d462;
                                                                                                                                                              				 *_t232 = _t217 + (_t214 >> 2) + (_t214 >> 2 >> 0x3f);
                                                                                                                                                              				_t233 =  &(_t232[0]);
                                                                                                                                                              				 *_t233 = 0x367 + dil;
                                                                                                                                                              				_t233[0] = r11b;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}

                                                                                                                                                              0x7ff78ec7d1b9
                                                                                                                                                              0x7ff78ec7d1c3
                                                                                                                                                              0x7ff78ec7d1c6
                                                                                                                                                              0x7ff78ec7d1ce
                                                                                                                                                              0x7ff78ec7d1e4
                                                                                                                                                              0x7ff78ec7d1e6
                                                                                                                                                              0x7ff78ec7d1ea
                                                                                                                                                              0x7ff78ec7d1f7
                                                                                                                                                              0x7ff78ec7d1f9
                                                                                                                                                              0x7ff78ec7d1fb
                                                                                                                                                              0x7ff78ec7d208
                                                                                                                                                              0x7ff78ec7d20e
                                                                                                                                                              0x7ff78ec7d214
                                                                                                                                                              0x7ff78ec7d218
                                                                                                                                                              0x7ff78ec7d221
                                                                                                                                                              0x7ff78ec7d246
                                                                                                                                                              0x7ff78ec7d248
                                                                                                                                                              0x7ff78ec7d254
                                                                                                                                                              0x7ff78ec7d257
                                                                                                                                                              0x7ff78ec7d25e
                                                                                                                                                              0x7ff78ec7d260
                                                                                                                                                              0x7ff78ec7d263
                                                                                                                                                              0x7ff78ec7d269
                                                                                                                                                              0x7ff78ec7d26e
                                                                                                                                                              0x7ff78ec7d270
                                                                                                                                                              0x7ff78ec7d27c
                                                                                                                                                              0x7ff78ec7d281
                                                                                                                                                              0x7ff78ec7d286
                                                                                                                                                              0x7ff78ec7d293
                                                                                                                                                              0x7ff78ec7d293
                                                                                                                                                              0x7ff78ec7d2a5
                                                                                                                                                              0x7ff78ec7d2a7
                                                                                                                                                              0x7ff78ec7d2ae
                                                                                                                                                              0x7ff78ec7d2c7
                                                                                                                                                              0x7ff78ec7d2d5
                                                                                                                                                              0x7ff78ec7d2d9
                                                                                                                                                              0x7ff78ec7d2dd
                                                                                                                                                              0x7ff78ec7d2e2
                                                                                                                                                              0x7ff78ec7d2e4
                                                                                                                                                              0x7ff78ec7d2e6
                                                                                                                                                              0x7ff78ec7d2f1
                                                                                                                                                              0x7ff78ec7d2f3
                                                                                                                                                              0x7ff78ec7d2f5
                                                                                                                                                              0x7ff78ec7d2fd
                                                                                                                                                              0x7ff78ec7d307
                                                                                                                                                              0x7ff78ec7d30c
                                                                                                                                                              0x7ff78ec7d311
                                                                                                                                                              0x7ff78ec7d313
                                                                                                                                                              0x7ff78ec7d31e
                                                                                                                                                              0x7ff78ec7d320
                                                                                                                                                              0x7ff78ec7d323
                                                                                                                                                              0x7ff78ec7d326
                                                                                                                                                              0x7ff78ec7d32b
                                                                                                                                                              0x7ff78ec7d330
                                                                                                                                                              0x7ff78ec7d332
                                                                                                                                                              0x7ff78ec7d336
                                                                                                                                                              0x7ff78ec7d33b
                                                                                                                                                              0x7ff78ec7d33e
                                                                                                                                                              0x7ff78ec7d340
                                                                                                                                                              0x7ff78ec7d343
                                                                                                                                                              0x7ff78ec7d34d
                                                                                                                                                              0x7ff78ec7d34f
                                                                                                                                                              0x7ff78ec7d35f
                                                                                                                                                              0x7ff78ec7d367
                                                                                                                                                              0x7ff78ec7d36a
                                                                                                                                                              0x7ff78ec7d375
                                                                                                                                                              0x7ff78ec7d379
                                                                                                                                                              0x7ff78ec7d37d
                                                                                                                                                              0x7ff78ec7d381
                                                                                                                                                              0x7ff78ec7d384
                                                                                                                                                              0x7ff78ec7d38b
                                                                                                                                                              0x7ff78ec7d39c
                                                                                                                                                              0x7ff78ec7d3a1
                                                                                                                                                              0x7ff78ec7d3af
                                                                                                                                                              0x7ff78ec7d3b2
                                                                                                                                                              0x7ff78ec7d3b5
                                                                                                                                                              0x7ff78ec7d3b8
                                                                                                                                                              0x7ff78ec7d3c2
                                                                                                                                                              0x7ff78ec7d3ce
                                                                                                                                                              0x7ff78ec7d3e0
                                                                                                                                                              0x7ff78ec7d3e6
                                                                                                                                                              0x7ff78ec7d3f0
                                                                                                                                                              0x7ff78ec7d3f6
                                                                                                                                                              0x7ff78ec7d3fc
                                                                                                                                                              0x7ff78ec7d419
                                                                                                                                                              0x7ff78ec7d41f
                                                                                                                                                              0x7ff78ec7d422
                                                                                                                                                              0x7ff78ec7d42f
                                                                                                                                                              0x7ff78ec7d435
                                                                                                                                                              0x7ff78ec7d455
                                                                                                                                                              0x7ff78ec7d458
                                                                                                                                                              0x7ff78ec7d465
                                                                                                                                                              0x7ff78ec7d468
                                                                                                                                                              0x7ff78ec7d48b

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: gfffffff
                                                                                                                                                              • API String ID: 0-1523873471
                                                                                                                                                              • Opcode ID: 8ee43a9b21c337af84c38aa11b89f1f538431f216f0265c1ebdbcf84e6c0f447
                                                                                                                                                              • Instruction ID: b81af03fc425ce4bfbcfeafe5dfec709699877af551257f663c19408ab8d3285
                                                                                                                                                              • Opcode Fuzzy Hash: 8ee43a9b21c337af84c38aa11b89f1f538431f216f0265c1ebdbcf84e6c0f447
                                                                                                                                                              • Instruction Fuzzy Hash: 44A15662F083C686EB21DB69D8007AEBBA1BB52B84F658131DE8D47785DF3DE901C711
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                              			E00007FF77FF78EC7744C(long long __rbx, void* __rcx, void* __rdx, long long __rsi) {
                                                                                                                                                              				void* _t14;
                                                                                                                                                              				void* _t22;
                                                                                                                                                              				intOrPtr* _t53;
                                                                                                                                                              				signed long long _t55;
                                                                                                                                                              				void* _t72;
                                                                                                                                                              				long long _t85;
                                                                                                                                                              				intOrPtr* _t89;
                                                                                                                                                              				void* _t93;
                                                                                                                                                              				void* _t94;
                                                                                                                                                              				long long _t96;
                                                                                                                                                              				signed long long _t98;
                                                                                                                                                              				signed long long _t99;
                                                                                                                                                              				void* _t101;
                                                                                                                                                              
                                                                                                                                                              				_t71 = __rdx;
                                                                                                                                                              				_t53 = _t89;
                                                                                                                                                              				 *((long long*)(_t53 + 0x10)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t53 + 0x18)) = _t85;
                                                                                                                                                              				 *((long long*)(_t53 + 0x20)) = __rsi;
                                                                                                                                                              				_t94 = __rdx;
                                                                                                                                                              				r13d = 0;
                                                                                                                                                              				 *((long long*)(_t53 + 8)) = _t96;
                                                                                                                                                              				_t14 = E00007FF77FF78EC80A48();
                                                                                                                                                              				if (_t14 == 0) goto 0x8ec77499;
                                                                                                                                                              				if (_t14 == 0x16) goto 0x8ec77655;
                                                                                                                                                              				goto 0x8ec774ee;
                                                                                                                                                              				if ( *((intOrPtr*)(_t89 - 0x30 + 0x60)) == 0) goto 0x8ec774ee;
                                                                                                                                                              				if (E00007FF77FF78EC80AF4(0,  *((intOrPtr*)(_t89 - 0x30 + 0x60))) != 0) goto 0x8ec774bc;
                                                                                                                                                              				_t58 = _t96;
                                                                                                                                                              				goto 0x8ec77525;
                                                                                                                                                              				E00007FF77FF78EC77780(_t96, _t96, __rdx,  *((intOrPtr*)(_t89 - 0x30 + 0x60)), _t101);
                                                                                                                                                              				if (_t53 == 0) goto 0x8ec774e6;
                                                                                                                                                              				if (E00007FF77FF78EC80AF4(0, _t53) != 0) goto 0x8ec774e6;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t53, _t53);
                                                                                                                                                              				goto 0x8ec77525;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t53, _t53);
                                                                                                                                                              				if (_t53 == 0) goto 0x8ec77506;
                                                                                                                                                              				if (E00007FF77FF78EC80AF4(0, _t53) != 0) goto 0x8ec77506;
                                                                                                                                                              				goto 0x8ec77522;
                                                                                                                                                              				if (E00007FF77FF78EC80AF4(0, 0x8ec9170c) == 0) goto 0x8ec77522;
                                                                                                                                                              				_t22 = E00007FF77FF78EC7A2B8(_t53, _t96);
                                                                                                                                                              				_t99 = _t98 | 0xffffffff;
                                                                                                                                                              				if (_t94 == 0) goto 0x8ec77545;
                                                                                                                                                              				if ( *((intOrPtr*)(_t94 + (_t99 + 1) * 2)) != r13w) goto 0x8ec77539;
                                                                                                                                                              				goto 0x8ec77548;
                                                                                                                                                              				_t55 = _t99 + 1;
                                                                                                                                                              				if ( *((intOrPtr*)(0x8ec91710 + _t55 * 2)) != r13w) goto 0x8ec7754b;
                                                                                                                                                              				r15d = _t22 + 0xc + r13d;
                                                                                                                                                              				0x8ec73ed0(_t98, _t96, _t93, _t72);
                                                                                                                                                              				if (_t55 != 0) goto 0x8ec7759f;
                                                                                                                                                              				E00007FF77FF78EC73ED8(0, _t58, _t71, 0x8ec91718);
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t55, _t96);
                                                                                                                                                              				return 0;
                                                                                                                                                              			}

















                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: TMP
                                                                                                                                                              • API String ID: 3215553584-3125297090
                                                                                                                                                              • Opcode ID: a37830abfd5b82deee67798d3e499572394b8c338e990cb5e406d0ad11f26401
                                                                                                                                                              • Instruction ID: 82e2e19c47ee0b980e52ba3a68a9b416db3eaac5dccb06695d535616d15418b4
                                                                                                                                                              • Opcode Fuzzy Hash: a37830abfd5b82deee67798d3e499572394b8c338e990cb5e406d0ad11f26401
                                                                                                                                                              • Instruction Fuzzy Hash: 0251B011F1A21A41FAA4BBAADD0157AD291BF45BC5FE88034DE0E437D6EF3CE452C220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC82930(long long __rax) {
                                                                                                                                                              				signed int _t3;
                                                                                                                                                              
                                                                                                                                                              				_t3 = GetProcessHeap();
                                                                                                                                                              				 *0x8ecad280 = __rax;
                                                                                                                                                              				return _t3 & 0xffffff00 | __rax != 0x00000000;
                                                                                                                                                              			}




                                                                                                                                                              0x7ff78ec82934
                                                                                                                                                              0x7ff78ec8293d
                                                                                                                                                              0x7ff78ec8294b

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                              • Opcode ID: 8318c770c4f45aa055814d428635f7f45cbec4c4c558b65e31452e9551a3ff8c
                                                                                                                                                              • Instruction ID: 85f583ab47f7ffb91d493fc69fa46d431868c95fad0544247b09321efebb1d1c
                                                                                                                                                              • Opcode Fuzzy Hash: 8318c770c4f45aa055814d428635f7f45cbec4c4c558b65e31452e9551a3ff8c
                                                                                                                                                              • Instruction Fuzzy Hash: 2AB09220E07B02C2EA883B92AD8661862A57F58B11FE90138C40C40320DF3CA4E5E720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FF77FF78EC71FE4(void* __edi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                              				void* _v40;
                                                                                                                                                              				signed int _v56;
                                                                                                                                                              				char _v68;
                                                                                                                                                              				char _v70;
                                                                                                                                                              				signed int _v72;
                                                                                                                                                              				long long _v88;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				intOrPtr _t120;
                                                                                                                                                              				void* _t123;
                                                                                                                                                              				unsigned int _t164;
                                                                                                                                                              				signed char _t165;
                                                                                                                                                              				unsigned int _t172;
                                                                                                                                                              				intOrPtr _t191;
                                                                                                                                                              				void* _t192;
                                                                                                                                                              				void* _t200;
                                                                                                                                                              				signed long long _t267;
                                                                                                                                                              				void* _t283;
                                                                                                                                                              				intOrPtr* _t287;
                                                                                                                                                              				intOrPtr* _t290;
                                                                                                                                                              				signed int* _t305;
                                                                                                                                                              				void* _t308;
                                                                                                                                                              				void* _t312;
                                                                                                                                                              				void* _t313;
                                                                                                                                                              				void* _t328;
                                                                                                                                                              				intOrPtr* _t330;
                                                                                                                                                              
                                                                                                                                                              				_t307 = __rsi;
                                                                                                                                                              				_t192 = __edi;
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				_a32 = __rdi;
                                                                                                                                                              				_t312 = _t313;
                                                                                                                                                              				_t267 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_v56 = _t267 ^ _t313 - 0x00000050;
                                                                                                                                                              				_t120 =  *((intOrPtr*)(__rcx + 0x39));
                                                                                                                                                              				_t283 = __rcx;
                                                                                                                                                              				r13d = 1;
                                                                                                                                                              				dil = 0x78;
                                                                                                                                                              				r14b = 0x58;
                                                                                                                                                              				r15b = 0x41;
                                                                                                                                                              				_t200 = _t120 - 0x64;
                                                                                                                                                              				if (_t200 > 0) goto 0x8ec72087;
                                                                                                                                                              				if (_t200 == 0) goto 0x8ec720ea;
                                                                                                                                                              				if (_t120 == r15b) goto 0x8ec720f7;
                                                                                                                                                              				if (_t120 == 0x43) goto 0x8ec7206a;
                                                                                                                                                              				if (_t120 - 0x44 <= 0) goto 0x8ec72100;
                                                                                                                                                              				if (_t120 - 0x47 <= 0) goto 0x8ec720f7;
                                                                                                                                                              				if (_t120 == 0x53) goto 0x8ec720ac;
                                                                                                                                                              				if (_t120 == r14b) goto 0x8ec7207d;
                                                                                                                                                              				if (_t120 == 0x5a) goto 0x8ec72076;
                                                                                                                                                              				if (_t120 == 0x61) goto 0x8ec720f7;
                                                                                                                                                              				if (_t120 != 0x63) goto 0x8ec72100;
                                                                                                                                                              				E00007FF77FF78EC731E0(_t120, _t120 - 0x63, __rcx);
                                                                                                                                                              				goto 0x8ec720fc;
                                                                                                                                                              				E00007FF77FF78EC72C40(__rcx);
                                                                                                                                                              				goto 0x8ec720fc;
                                                                                                                                                              				_t123 = E00007FF77FF78EC703AC(r13b, __rcx, __rcx, __rsi, _t312);
                                                                                                                                                              				goto 0x8ec720fc;
                                                                                                                                                              				if (_t123 - 0x67 <= 0) goto 0x8ec720f7;
                                                                                                                                                              				if (_t123 == 0x69) goto 0x8ec720ea;
                                                                                                                                                              				if (_t123 == 0x6e) goto 0x8ec720e3;
                                                                                                                                                              				if (_t123 == 0x6f) goto 0x8ec720c3;
                                                                                                                                                              				if (_t123 == 0x70) goto 0x8ec720b3;
                                                                                                                                                              				if (_t123 == 0x73) goto 0x8ec720ac;
                                                                                                                                                              				if (_t123 == 0x75) goto 0x8ec720ee;
                                                                                                                                                              				if (_t123 != dil) goto 0x8ec72100;
                                                                                                                                                              				goto 0x8ec72080;
                                                                                                                                                              				E00007FF77FF78EC7341C(__rcx);
                                                                                                                                                              				goto 0x8ec720fc;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x30)) = 0x10;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x34)) = 0xb;
                                                                                                                                                              				goto 0x8ec7207d;
                                                                                                                                                              				_t164 =  *(__rcx + 0x28);
                                                                                                                                                              				if ((r13b & _t164 >> 0x00000005) == 0) goto 0x8ec720d7;
                                                                                                                                                              				asm("bts ecx, 0x7");
                                                                                                                                                              				 *(__rcx + 0x28) = _t164;
                                                                                                                                                              				E00007FF77FF78EC6FC04(0, __rcx, __rcx, _t307, _t312);
                                                                                                                                                              				goto 0x8ec720fc;
                                                                                                                                                              				E00007FF77FF78EC73368(__rcx, __rcx);
                                                                                                                                                              				goto 0x8ec720fc;
                                                                                                                                                              				 *(__rcx + 0x28) =  *(__rcx + 0x28) | 0x00000010;
                                                                                                                                                              				E00007FF77FF78EC6FFD8(0, __rcx, __rcx, _t307, _t312);
                                                                                                                                                              				goto 0x8ec720fc;
                                                                                                                                                              				if (E00007FF77FF78EC72D34(0, _t192, __rcx, __rcx, _t307, _t312) != 0) goto 0x8ec72107;
                                                                                                                                                              				goto 0x8ec723ed;
                                                                                                                                                              				if ( *((char*)(__rcx + 0x38)) != 0) goto 0x8ec723ea;
                                                                                                                                                              				_t165 =  *(__rcx + 0x28);
                                                                                                                                                              				_v72 = 0;
                                                                                                                                                              				_v70 = 0;
                                                                                                                                                              				if ((r13b & 0) == 0) goto 0x8ec72154;
                                                                                                                                                              				if ((r13b & 0) == 0) goto 0x8ec72139;
                                                                                                                                                              				_v72 = 0x2d;
                                                                                                                                                              				goto 0x8ec72151;
                                                                                                                                                              				if ((r13b & _t165) == 0) goto 0x8ec72144;
                                                                                                                                                              				_v72 = 0x2b;
                                                                                                                                                              				goto 0x8ec72151;
                                                                                                                                                              				if ((r13b & 0) == 0) goto 0x8ec72154;
                                                                                                                                                              				_v72 = 0x20;
                                                                                                                                                              				_t308 = _t328;
                                                                                                                                                              				_t191 =  *((intOrPtr*)(__rcx + 0x39));
                                                                                                                                                              				if ((_t191 - r14b & 0x000000df) != 0) goto 0x8ec7216f;
                                                                                                                                                              				if ((r13b & _t165 >> 0x00000005) == 0) goto 0x8ec7216f;
                                                                                                                                                              				r8b = r13b;
                                                                                                                                                              				goto 0x8ec72172;
                                                                                                                                                              				r8b = 0;
                                                                                                                                                              				if (r8b != 0) goto 0x8ec72185;
                                                                                                                                                              				if ((_t191 - r15b & 0xffffff00 | (_t191 - r15b & 0x000000df) == 0x00000000) == 0) goto 0x8ec721a0;
                                                                                                                                                              				 *((char*)(_t312 + _t308 - 0x20)) = 0x30;
                                                                                                                                                              				if (_t191 == r14b) goto 0x8ec72194;
                                                                                                                                                              				if (_t191 != r15b) goto 0x8ec72197;
                                                                                                                                                              				dil = r14b;
                                                                                                                                                              				 *((intOrPtr*)(_t312 + _t308 - 0x1f)) = dil;
                                                                                                                                                              				r15d =  *((intOrPtr*)(__rcx + 0x2c));
                                                                                                                                                              				r15d = r15d -  *((intOrPtr*)(__rcx + 0x48));
                                                                                                                                                              				r15d = r15d;
                                                                                                                                                              				if ((_t165 & 0x0000000c) != 0) goto 0x8ec72210;
                                                                                                                                                              				if (r15d <= 0) goto 0x8ec72210;
                                                                                                                                                              				if ((r13b &  *( *((intOrPtr*)(__rcx + 0x460)) + 0x14) >> 0x0000000c) == 0) goto 0x8ec721db;
                                                                                                                                                              				if ( *((long long*)( *((intOrPtr*)(__rcx + 0x460)) + 8)) == 0) goto 0x8ec721f4;
                                                                                                                                                              				if (E00007FF77FF78EC7E230(0x20,  *((long long*)( *((intOrPtr*)(__rcx + 0x460)) + 8)),  *((intOrPtr*)(__rcx + 0x460))) == 0xffffffff) goto 0x8ec7220c;
                                                                                                                                                              				 *(__rcx + 0x20) = __rcx + 1;
                                                                                                                                                              				if ( *(__rcx + 0x20) == 0xfffffffe) goto 0x8ec72210;
                                                                                                                                                              				if (0 + r13d - r15d < 0) goto 0x8ec721bb;
                                                                                                                                                              				goto 0x8ec72210;
                                                                                                                                                              				 *(__rcx + 0x20) =  *(__rcx + 0x20) | 0xffffffff;
                                                                                                                                                              				_t60 = _t283 + 0x460; // 0x4a1
                                                                                                                                                              				_t330 = _t60;
                                                                                                                                                              				_t61 = _t283 + 0x20; // 0x61
                                                                                                                                                              				_t305 = _t61;
                                                                                                                                                              				if ((r13b &  *( *_t330 + 0x14) >> 0x0000000c) == 0) goto 0x8ec7223b;
                                                                                                                                                              				if ( *((long long*)( *_t330 + 8)) != 0) goto 0x8ec7223b;
                                                                                                                                                              				 *_t305 =  *_t305;
                                                                                                                                                              				goto 0x8ec72252;
                                                                                                                                                              				_v88 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_t67 =  &_v72; // -31
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t287 = _t330;
                                                                                                                                                              				E00007FF77FF78EC73830(__rcx, _t287, _t67, _t308 + 2, _t312, _t305);
                                                                                                                                                              				_t172 =  *(__rcx + 0x28);
                                                                                                                                                              				if ((r13b & _t172 >> 0x00000003) == 0) goto 0x8ec722b8;
                                                                                                                                                              				if ((r13b & _t172 >> 0x00000002) != 0) goto 0x8ec722b8;
                                                                                                                                                              				if (r15d <= 0) goto 0x8ec722b8;
                                                                                                                                                              				if ((r13b &  *( *_t330 + 0x14) >> 0x0000000c) == 0) goto 0x8ec7228a;
                                                                                                                                                              				if ( *((long long*)( *_t330 + 8)) == 0) goto 0x8ec7229f;
                                                                                                                                                              				if (E00007FF77FF78EC7E230(0x30,  *((long long*)( *_t330 + 8)),  *_t330) == 0xffffffff) goto 0x8ec722b5;
                                                                                                                                                              				 *_t305 = _t287 + 1;
                                                                                                                                                              				if ( *_t305 == 0xfffffffe) goto 0x8ec722b8;
                                                                                                                                                              				if (0 + r13d - r15d < 0) goto 0x8ec72272;
                                                                                                                                                              				goto 0x8ec722b8;
                                                                                                                                                              				 *_t305 =  *_t305 | 0xffffffff;
                                                                                                                                                              				if ( *((char*)(__rcx + 0x4c)) == 0) goto 0x8ec7234d;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x48)) <= 0) goto 0x8ec7234d;
                                                                                                                                                              				_t83 =  &_v68; // -27
                                                                                                                                                              				r9d =  *( *(__rcx + 0x40)) & 0x0000ffff;
                                                                                                                                                              				_t84 =  &_v72; // -31
                                                                                                                                                              				_v72 = _v72 & 0x00000000;
                                                                                                                                                              				r8d = 6;
                                                                                                                                                              				_v88 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				if (E00007FF77FF78EC7DEF0( *((intOrPtr*)(__rcx + 8)), __rcx, _t84, _t83, _t312,  *((intOrPtr*)(__rcx + 8))) != 0) goto 0x8ec72348;
                                                                                                                                                              				r8d = _v72;
                                                                                                                                                              				if (r8d == 0) goto 0x8ec72348;
                                                                                                                                                              				if ((r13b &  *( *_t330 + 0x14) >> 0x0000000c) == 0) goto 0x8ec7232a;
                                                                                                                                                              				if ( *((long long*)( *_t330 + 8)) != 0) goto 0x8ec7232a;
                                                                                                                                                              				 *_t305 =  *_t305 + r8d;
                                                                                                                                                              				goto 0x8ec7233e;
                                                                                                                                                              				_v88 =  *((intOrPtr*)(_t283 + 8));
                                                                                                                                                              				_t96 =  &_v68; // -27
                                                                                                                                                              				E00007FF77FF78EC73830(_t283, _t330, _t96, _t308 + 2, _t312, _t305);
                                                                                                                                                              				if (0 + r13d !=  *(_t283 + 0x48)) goto 0x8ec722d2;
                                                                                                                                                              				goto 0x8ec72389;
                                                                                                                                                              				 *_t305 =  *_t305 | 0xffffffff;
                                                                                                                                                              				goto 0x8ec72389;
                                                                                                                                                              				r8d =  *(_t283 + 0x48);
                                                                                                                                                              				if ((r13b &  *( *_t330 + 0x14) >> 0x0000000c) == 0) goto 0x8ec72376;
                                                                                                                                                              				if ( *((long long*)( *_t330 + 8)) != 0) goto 0x8ec72376;
                                                                                                                                                              				 *_t305 =  *_t305 + r8d;
                                                                                                                                                              				goto 0x8ec72389;
                                                                                                                                                              				_v88 =  *((intOrPtr*)(_t283 + 8));
                                                                                                                                                              				_t290 = _t330;
                                                                                                                                                              				E00007FF77FF78EC73830(_t283, _t290,  *((intOrPtr*)(_t283 + 0x40)), _t308 + 2, _t312, _t305);
                                                                                                                                                              				if ( *_t305 < 0) goto 0x8ec723ea;
                                                                                                                                                              				if ((r13b &  *(_t283 + 0x28) >> 0x00000002) == 0) goto 0x8ec723ea;
                                                                                                                                                              				if (r15d <= 0) goto 0x8ec723ea;
                                                                                                                                                              				if ((r13b &  *( *_t330 + 0x14) >> 0x0000000c) == 0) goto 0x8ec723bc;
                                                                                                                                                              				if ( *((long long*)( *_t330 + 8)) == 0) goto 0x8ec723d1;
                                                                                                                                                              				if (E00007FF77FF78EC7E230(0x20,  *((long long*)( *_t330 + 8)),  *_t330) == 0xffffffff) goto 0x8ec723e7;
                                                                                                                                                              				 *_t305 = _t290 + 1;
                                                                                                                                                              				if ( *_t305 == 0xfffffffe) goto 0x8ec723ea;
                                                                                                                                                              				if (0 + r13d - r15d < 0) goto 0x8ec723a4;
                                                                                                                                                              				goto 0x8ec723ea;
                                                                                                                                                              				 *_t305 =  *_t305 | 0xffffffff;
                                                                                                                                                              				return E00007FF77FF78EC6A040(r13b,  *_t305, _v56 ^ _t313 - 0x00000050);
                                                                                                                                                              			}




























                                                                                                                                                              0x7ff78ec720e3
                                                                                                                                                              0x7ff78ec720e8
                                                                                                                                                              0x7ff78ec720ea
                                                                                                                                                              0x7ff78ec720f0
                                                                                                                                                              0x7ff78ec720f5
                                                                                                                                                              0x7ff78ec720fe
                                                                                                                                                              0x7ff78ec72102
                                                                                                                                                              0x7ff78ec7210b
                                                                                                                                                              0x7ff78ec72111
                                                                                                                                                              0x7ff78ec72116
                                                                                                                                                              0x7ff78ec7211c
                                                                                                                                                              0x7ff78ec72127
                                                                                                                                                              0x7ff78ec72131
                                                                                                                                                              0x7ff78ec72133
                                                                                                                                                              0x7ff78ec72137
                                                                                                                                                              0x7ff78ec7213c
                                                                                                                                                              0x7ff78ec7213e
                                                                                                                                                              0x7ff78ec72142
                                                                                                                                                              0x7ff78ec7214b
                                                                                                                                                              0x7ff78ec7214d
                                                                                                                                                              0x7ff78ec72151
                                                                                                                                                              0x7ff78ec72154
                                                                                                                                                              0x7ff78ec7215e
                                                                                                                                                              0x7ff78ec72168
                                                                                                                                                              0x7ff78ec7216a
                                                                                                                                                              0x7ff78ec7216d
                                                                                                                                                              0x7ff78ec7216f
                                                                                                                                                              0x7ff78ec7217f
                                                                                                                                                              0x7ff78ec72183
                                                                                                                                                              0x7ff78ec72185
                                                                                                                                                              0x7ff78ec7218d
                                                                                                                                                              0x7ff78ec72192
                                                                                                                                                              0x7ff78ec72194
                                                                                                                                                              0x7ff78ec72197
                                                                                                                                                              0x7ff78ec721a0
                                                                                                                                                              0x7ff78ec721a4
                                                                                                                                                              0x7ff78ec721a8
                                                                                                                                                              0x7ff78ec721ae
                                                                                                                                                              0x7ff78ec721b9
                                                                                                                                                              0x7ff78ec721cb
                                                                                                                                                              0x7ff78ec721d9
                                                                                                                                                              0x7ff78ec721f2
                                                                                                                                                              0x7ff78ec721fa
                                                                                                                                                              0x7ff78ec72200
                                                                                                                                                              0x7ff78ec72208
                                                                                                                                                              0x7ff78ec7220a
                                                                                                                                                              0x7ff78ec7220c
                                                                                                                                                              0x7ff78ec72214
                                                                                                                                                              0x7ff78ec72214
                                                                                                                                                              0x7ff78ec7221e
                                                                                                                                                              0x7ff78ec7221e
                                                                                                                                                              0x7ff78ec7222b
                                                                                                                                                              0x7ff78ec72235
                                                                                                                                                              0x7ff78ec72237
                                                                                                                                                              0x7ff78ec72239
                                                                                                                                                              0x7ff78ec7223b
                                                                                                                                                              0x7ff78ec72243
                                                                                                                                                              0x7ff78ec72247
                                                                                                                                                              0x7ff78ec7224a
                                                                                                                                                              0x7ff78ec7224d
                                                                                                                                                              0x7ff78ec72252
                                                                                                                                                              0x7ff78ec7225d
                                                                                                                                                              0x7ff78ec72265
                                                                                                                                                              0x7ff78ec72270
                                                                                                                                                              0x7ff78ec7227e
                                                                                                                                                              0x7ff78ec72288
                                                                                                                                                              0x7ff78ec7229d
                                                                                                                                                              0x7ff78ec722a4
                                                                                                                                                              0x7ff78ec722a9
                                                                                                                                                              0x7ff78ec722b1
                                                                                                                                                              0x7ff78ec722b3
                                                                                                                                                              0x7ff78ec722b5
                                                                                                                                                              0x7ff78ec722bc
                                                                                                                                                              0x7ff78ec722c6
                                                                                                                                                              0x7ff78ec722d6
                                                                                                                                                              0x7ff78ec722da
                                                                                                                                                              0x7ff78ec722df
                                                                                                                                                              0x7ff78ec722e3
                                                                                                                                                              0x7ff78ec722ec
                                                                                                                                                              0x7ff78ec722f2
                                                                                                                                                              0x7ff78ec722fe
                                                                                                                                                              0x7ff78ec72300
                                                                                                                                                              0x7ff78ec72307
                                                                                                                                                              0x7ff78ec72319
                                                                                                                                                              0x7ff78ec72323
                                                                                                                                                              0x7ff78ec72325
                                                                                                                                                              0x7ff78ec72328
                                                                                                                                                              0x7ff78ec7232a
                                                                                                                                                              0x7ff78ec72332
                                                                                                                                                              0x7ff78ec72339
                                                                                                                                                              0x7ff78ec72344
                                                                                                                                                              0x7ff78ec72346
                                                                                                                                                              0x7ff78ec72348
                                                                                                                                                              0x7ff78ec7234b
                                                                                                                                                              0x7ff78ec72354
                                                                                                                                                              0x7ff78ec72365
                                                                                                                                                              0x7ff78ec7236f
                                                                                                                                                              0x7ff78ec72371
                                                                                                                                                              0x7ff78ec72374
                                                                                                                                                              0x7ff78ec72376
                                                                                                                                                              0x7ff78ec72381
                                                                                                                                                              0x7ff78ec72384
                                                                                                                                                              0x7ff78ec7238c
                                                                                                                                                              0x7ff78ec72397
                                                                                                                                                              0x7ff78ec723a2
                                                                                                                                                              0x7ff78ec723b0
                                                                                                                                                              0x7ff78ec723ba
                                                                                                                                                              0x7ff78ec723cf
                                                                                                                                                              0x7ff78ec723d6
                                                                                                                                                              0x7ff78ec723db
                                                                                                                                                              0x7ff78ec723e3
                                                                                                                                                              0x7ff78ec723e5
                                                                                                                                                              0x7ff78ec723e7
                                                                                                                                                              0x7ff78ec72416

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 01b4ebd5f042ebb0c064ed8103ee719a8e8f0b23208b948f62020c7050f0d0b3
                                                                                                                                                              • Instruction ID: c7b631d6322ffc0ebcc2794fb2ac75fdf053d41d7c8f30cfe4c59e43eef48984
                                                                                                                                                              • Opcode Fuzzy Hash: 01b4ebd5f042ebb0c064ed8103ee719a8e8f0b23208b948f62020c7050f0d0b3
                                                                                                                                                              • Instruction Fuzzy Hash: 0FE1C3A2D0864286EB6CAAADC94437DA7E1FB04B58FA44235DE5D473D5CF39E842C321
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                              			E00007FF77FF78EC727E4(long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                              				void* _v40;
                                                                                                                                                              				signed int _v56;
                                                                                                                                                              				short _v64;
                                                                                                                                                              				short _v68;
                                                                                                                                                              				signed short _v72;
                                                                                                                                                              				long long _v88;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				signed int _t124;
                                                                                                                                                              				void* _t127;
                                                                                                                                                              				void* _t159;
                                                                                                                                                              				void* _t166;
                                                                                                                                                              				unsigned int _t167;
                                                                                                                                                              				signed char _t168;
                                                                                                                                                              				signed int _t179;
                                                                                                                                                              				signed short _t191;
                                                                                                                                                              				void* _t194;
                                                                                                                                                              				void* _t198;
                                                                                                                                                              				signed long long _t259;
                                                                                                                                                              				long long _t277;
                                                                                                                                                              				long long _t279;
                                                                                                                                                              				long long _t280;
                                                                                                                                                              				intOrPtr* _t282;
                                                                                                                                                              				intOrPtr _t286;
                                                                                                                                                              				intOrPtr* _t288;
                                                                                                                                                              				signed long long _t294;
                                                                                                                                                              				intOrPtr _t297;
                                                                                                                                                              				intOrPtr _t299;
                                                                                                                                                              				void* _t301;
                                                                                                                                                              				signed int* _t302;
                                                                                                                                                              				long long _t305;
                                                                                                                                                              				void* _t307;
                                                                                                                                                              				signed long long _t308;
                                                                                                                                                              				intOrPtr _t311;
                                                                                                                                                              				signed long long _t318;
                                                                                                                                                              				void* _t319;
                                                                                                                                                              				intOrPtr* _t321;
                                                                                                                                                              
                                                                                                                                                              				_t305 = __rbp;
                                                                                                                                                              				_t303 = __rsi;
                                                                                                                                                              				_t279 = __rcx;
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				_a24 = __rbp;
                                                                                                                                                              				_a32 = __rsi;
                                                                                                                                                              				_t308 = _t307 - 0x50;
                                                                                                                                                              				_t259 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_v56 = _t259 ^ _t308;
                                                                                                                                                              				_t124 =  *(__rcx + 0x3a) & 0x0000ffff;
                                                                                                                                                              				_t277 = __rcx;
                                                                                                                                                              				_t6 = _t301 - 0x20; // 0x58
                                                                                                                                                              				_t191 = _t6;
                                                                                                                                                              				_t7 = _t301 - 0x77; // 0x1
                                                                                                                                                              				r12d = _t7;
                                                                                                                                                              				_t198 = _t124 - 0x64;
                                                                                                                                                              				if (_t198 > 0) goto 0x8ec7289a;
                                                                                                                                                              				if (_t198 == 0) goto 0x8ec7290b;
                                                                                                                                                              				if (_t124 == 0x41) goto 0x8ec72918;
                                                                                                                                                              				if (_t124 == 0x43) goto 0x8ec72877;
                                                                                                                                                              				if (_t124 - 0x44 <= 0) goto 0x8ec72923;
                                                                                                                                                              				if (_t124 - 0x47 <= 0) goto 0x8ec72918;
                                                                                                                                                              				if (_t124 == 0x53) goto 0x8ec728cd;
                                                                                                                                                              				if (_t124 == _t191) goto 0x8ec7288d;
                                                                                                                                                              				if (_t124 == 0x5a) goto 0x8ec72883;
                                                                                                                                                              				if (_t124 == 0x61) goto 0x8ec72918;
                                                                                                                                                              				if (_t124 != 0x63) goto 0x8ec72923;
                                                                                                                                                              				E00007FF77FF78EC732A4(_t124 - 0x63, __rcx, __rcx, __rsi);
                                                                                                                                                              				goto 0x8ec7291d;
                                                                                                                                                              				E00007FF77FF78EC72CB8(_t166, __rcx, __rcx, _t303);
                                                                                                                                                              				goto 0x8ec7291d;
                                                                                                                                                              				_t127 = E00007FF77FF78EC70594(r12b, __rcx, __rcx, _t303, __rbp);
                                                                                                                                                              				goto 0x8ec7291d;
                                                                                                                                                              				if (_t127 - 0x67 <= 0) goto 0x8ec72918;
                                                                                                                                                              				if (_t127 == 0x69) goto 0x8ec7290b;
                                                                                                                                                              				if (_t127 == 0x6e) goto 0x8ec72904;
                                                                                                                                                              				if (_t127 == 0x6f) goto 0x8ec728e4;
                                                                                                                                                              				if (_t127 == 0x70) goto 0x8ec728d4;
                                                                                                                                                              				if (_t127 == 0x73) goto 0x8ec728cd;
                                                                                                                                                              				if (_t127 == 0x75) goto 0x8ec7290f;
                                                                                                                                                              				if (_t127 != 0x78) goto 0x8ec72923;
                                                                                                                                                              				goto 0x8ec72890;
                                                                                                                                                              				E00007FF77FF78EC734B4(__rcx, __rcx, _t303);
                                                                                                                                                              				goto 0x8ec7291d;
                                                                                                                                                              				 *((intOrPtr*)(_t279 + 0x30)) = 0x10;
                                                                                                                                                              				 *((intOrPtr*)(_t279 + 0x34)) = 0xb;
                                                                                                                                                              				goto 0x8ec7288d;
                                                                                                                                                              				_t167 =  *(_t279 + 0x28);
                                                                                                                                                              				if ((r12b & _t167 >> 0x00000005) == 0) goto 0x8ec728f8;
                                                                                                                                                              				asm("bts ecx, 0x7");
                                                                                                                                                              				 *(_t277 + 0x28) = _t167;
                                                                                                                                                              				_t280 = _t277;
                                                                                                                                                              				E00007FF77FF78EC6FDEC(0, _t277, _t280, _t303, _t305);
                                                                                                                                                              				goto 0x8ec7291d;
                                                                                                                                                              				E00007FF77FF78EC73368(_t277, _t280);
                                                                                                                                                              				goto 0x8ec7291d;
                                                                                                                                                              				 *(_t280 + 0x28) =  *(_t280 + 0x28) | 0x00000010;
                                                                                                                                                              				E00007FF77FF78EC701C0(0, _t277, _t280, _t303, _t305);
                                                                                                                                                              				goto 0x8ec7291d;
                                                                                                                                                              				if (E00007FF77FF78EC72F80(0, 0x78, _t277, _t280, _t305) != 0) goto 0x8ec7292a;
                                                                                                                                                              				goto 0x8ec72c15;
                                                                                                                                                              				if ( *((intOrPtr*)(_t277 + 0x38)) != bpl) goto 0x8ec72c12;
                                                                                                                                                              				_t168 =  *(_t277 + 0x28);
                                                                                                                                                              				_v68 = 0;
                                                                                                                                                              				_v64 = 0;
                                                                                                                                                              				r13d = 0x20;
                                                                                                                                                              				if ((r12b & 0) == 0) goto 0x8ec72988;
                                                                                                                                                              				if ((r12b & 0) == 0) goto 0x8ec7296a;
                                                                                                                                                              				_v68 = _t319 + 0xd;
                                                                                                                                                              				goto 0x8ec72985;
                                                                                                                                                              				if ((r12b & _t168) == 0) goto 0x8ec72976;
                                                                                                                                                              				goto 0x8ec72963;
                                                                                                                                                              				if ((r12b & 0) == 0) goto 0x8ec72988;
                                                                                                                                                              				_v68 = r13w;
                                                                                                                                                              				_t294 = _t318;
                                                                                                                                                              				r8d =  *(_t277 + 0x3a) & 0x0000ffff;
                                                                                                                                                              				r10d = 0xffdf;
                                                                                                                                                              				if ((r10w & (r8w & 0xffffffff) - _t191) != 0) goto 0x8ec729ad;
                                                                                                                                                              				r9b = r12b;
                                                                                                                                                              				if ((r12b & 0) != 0) goto 0x8ec729b0;
                                                                                                                                                              				r9b = bpl;
                                                                                                                                                              				r15d = 0x30;
                                                                                                                                                              				if (r9b != 0) goto 0x8ec729ca;
                                                                                                                                                              				if (0 == 0) goto 0x8ec729e9;
                                                                                                                                                              				 *((intOrPtr*)(_t308 + 0x34 + _t294 * 2)) = r15w;
                                                                                                                                                              				if (r8w == _t191) goto 0x8ec729dd;
                                                                                                                                                              				if (r8w != 0x41) goto 0x8ec729e0;
                                                                                                                                                              				 *((short*)(_t308 + 0x36 + _t294 * 2)) = _t191 & 0x0000ffff;
                                                                                                                                                              				_t194 =  *((intOrPtr*)(_t277 + 0x2c)) -  *(_t277 + 0x48);
                                                                                                                                                              				if ((_t168 & 0x0000000c) != 0) goto 0x8ec72a56;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				if (_t194 <= 0) goto 0x8ec72a56;
                                                                                                                                                              				_t311 =  *((intOrPtr*)(_t277 + 0x460));
                                                                                                                                                              				if ( *((intOrPtr*)(_t311 + 0x10)) !=  *((intOrPtr*)(_t311 + 8))) goto 0x8ec72a23;
                                                                                                                                                              				if ( *((intOrPtr*)(_t311 + 0x18)) == bpl) goto 0x8ec72a1b;
                                                                                                                                                              				goto 0x8ec72a1e;
                                                                                                                                                              				 *(_t277 + 0x20) =  *(_t277 + 0x20) + 0x00000001 | 0xffffffff;
                                                                                                                                                              				goto 0x8ec72a49;
                                                                                                                                                              				 *(_t277 + 0x20) = _t280 + 1;
                                                                                                                                                              				 *((intOrPtr*)(_t311 + 0x10)) =  *((intOrPtr*)(_t311 + 0x10)) + _t318;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t277 + 0x460)))))) = r13w;
                                                                                                                                                              				 *((long long*)( *((intOrPtr*)(_t277 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t277 + 0x460)))) + 2;
                                                                                                                                                              				if ( *(_t277 + 0x20) == 0xffffffff) goto 0x8ec72a56;
                                                                                                                                                              				r9d = r9d + r12d;
                                                                                                                                                              				if (r9d - _t194 < 0) goto 0x8ec72a00;
                                                                                                                                                              				_t302 = _t277 + 0x20;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_v88 =  *((intOrPtr*)(_t277 + 8));
                                                                                                                                                              				_t321 = _t277 + 0x460;
                                                                                                                                                              				_t282 = _t321;
                                                                                                                                                              				E00007FF77FF78EC73788(_t280 + 1, _t194, _t277, _t282, _t303, _t305, _t302);
                                                                                                                                                              				if ((r12b & 0) == 0) goto 0x8ec72ae2;
                                                                                                                                                              				if ((r12b &  *(_t277 + 0x28) >> 0x00000002) != 0) goto 0x8ec72ae2;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				if (_t194 <= 0) goto 0x8ec72ae2;
                                                                                                                                                              				_t297 =  *_t321;
                                                                                                                                                              				if ( *((intOrPtr*)(_t297 + 0x10)) !=  *((intOrPtr*)(_t297 + 8))) goto 0x8ec72ab9;
                                                                                                                                                              				if ( *((intOrPtr*)(_t297 + 0x18)) == bpl) goto 0x8ec72ab2;
                                                                                                                                                              				goto 0x8ec72ab5;
                                                                                                                                                              				 *_t302 =  *_t302 + 0x00000001 | 0xffffffff;
                                                                                                                                                              				goto 0x8ec72ad5;
                                                                                                                                                              				 *_t302 = _t282 + 1;
                                                                                                                                                              				 *((intOrPtr*)(_t297 + 0x10)) =  *((intOrPtr*)(_t297 + 0x10)) + _t318;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)( *_t321)))) = r15w;
                                                                                                                                                              				 *((long long*)( *_t321)) =  *((long long*)( *_t321)) + 2;
                                                                                                                                                              				if ( *_t302 == 0xffffffff) goto 0x8ec72ae2;
                                                                                                                                                              				r8d = r8d + r12d;
                                                                                                                                                              				if (r8d - _t194 < 0) goto 0x8ec72a9b;
                                                                                                                                                              				if ( *((intOrPtr*)(_t277 + 0x4c)) != bpl) goto 0x8ec72bc4;
                                                                                                                                                              				if ( *(_t277 + 0x48) <= 0) goto 0x8ec72bc4;
                                                                                                                                                              				_t320 =  *((intOrPtr*)(_t277 + 8));
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(_t277 + 8)) + 0x28)) != bpl) goto 0x8ec72b0c;
                                                                                                                                                              				E00007FF77FF78EC735D0( *_t321, _t277,  *((intOrPtr*)(_t277 + 8)), _t303);
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				if ( *(_t277 + 0x48) == 0) goto 0x8ec72b89;
                                                                                                                                                              				_v72 = r9w;
                                                                                                                                                              				_t159 = E00007FF77FF78EC7E0A0( *_t302, 0, _t277,  &_v72,  *((intOrPtr*)(_t277 + 0x40)), _t302, _t303, _t305,  *((intOrPtr*)( *((intOrPtr*)(_t320 + 0x18)) + 8)),  *((intOrPtr*)(_t277 + 8)));
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				if (_t159 <= 0) goto 0x8ec72bbe;
                                                                                                                                                              				_t286 =  *_t321;
                                                                                                                                                              				if ( *((intOrPtr*)(_t286 + 0x10)) !=  *((intOrPtr*)(_t286 + 8))) goto 0x8ec72b64;
                                                                                                                                                              				if ( *((intOrPtr*)(_t286 + 0x18)) == r9b) goto 0x8ec72b5e;
                                                                                                                                                              				 *(_t277 + 0x20) =  *(_t277 + 0x20) + r12d;
                                                                                                                                                              				goto 0x8ec72b7c;
                                                                                                                                                              				 *(_t277 + 0x20) =  *(_t277 + 0x20) | 0xffffffff;
                                                                                                                                                              				goto 0x8ec72b7c;
                                                                                                                                                              				 *(_t277 + 0x20) =  *(_t277 + 0x20) + r12d;
                                                                                                                                                              				 *((intOrPtr*)(_t286 + 0x10)) =  *((intOrPtr*)(_t286 + 0x10)) + _t318;
                                                                                                                                                              				 *((short*)( *((intOrPtr*)( *_t321)))) = _v72 & 0x0000ffff;
                                                                                                                                                              				 *((long long*)( *_t321)) =  *((long long*)( *_t321)) + 2;
                                                                                                                                                              				if (0 + r12d !=  *(_t277 + 0x48)) goto 0x8ec72b17;
                                                                                                                                                              				r13d = 0x20;
                                                                                                                                                              				_t179 =  *_t302;
                                                                                                                                                              				if (_t179 < 0) goto 0x8ec72c12;
                                                                                                                                                              				if ((r12b & 0) == 0) goto 0x8ec72c12;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				if (_t194 <= 0) goto 0x8ec72c12;
                                                                                                                                                              				_t299 =  *_t321;
                                                                                                                                                              				if ( *((intOrPtr*)(_t299 + 0x10)) !=  *((intOrPtr*)(_t299 + 8))) goto 0x8ec72be9;
                                                                                                                                                              				if ( *((intOrPtr*)(_t299 + 0x18)) == bpl) goto 0x8ec72be2;
                                                                                                                                                              				goto 0x8ec72be5;
                                                                                                                                                              				 *(_t277 + 0x20) =  *(_t277 + 0x20) | 0xffffffff;
                                                                                                                                                              				goto 0x8ec72b87;
                                                                                                                                                              				r8d =  *(_t277 + 0x48);
                                                                                                                                                              				_t288 = _t321;
                                                                                                                                                              				_v88 =  *((intOrPtr*)(_t277 + 8));
                                                                                                                                                              				E00007FF77FF78EC73788( *(_t277 + 0x28) >> 2, _t194, _t277, _t288, _t303, _t305, _t302);
                                                                                                                                                              				goto 0x8ec72b8f;
                                                                                                                                                              				 *_t302 = _t179 + 0x00000001 | 0xffffffff;
                                                                                                                                                              				goto 0x8ec72c05;
                                                                                                                                                              				 *_t302 = _t288 + 1;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(_t277 + 0x40)) + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t277 + 0x40)) + 0x10)) + _t318;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)( *_t321)))) = r13w;
                                                                                                                                                              				 *((long long*)( *_t321)) =  *((long long*)( *_t321)) + 2;
                                                                                                                                                              				if ( *_t302 == 0xffffffff) goto 0x8ec72c12;
                                                                                                                                                              				r8d = r8d + r12d;
                                                                                                                                                              				if (r8d - _t194 < 0) goto 0x8ec72ba7;
                                                                                                                                                              				return E00007FF77FF78EC6A040(r12b,  *_t302, _v56 ^ _t308);
                                                                                                                                                              			}
                                                                                                                                                              0x7ff78ec72bee
                                                                                                                                                              0x7ff78ec72bf8
                                                                                                                                                              0x7ff78ec72bff
                                                                                                                                                              0x7ff78ec72c08
                                                                                                                                                              0x7ff78ec72c0a
                                                                                                                                                              0x7ff78ec72c10
                                                                                                                                                              0x7ff78ec72c3f

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c1ab2d779eaba6c8c7dfe1f1897cbaafb481f92d9821034868eb03f3a2409d90
                                                                                                                                                              • Instruction ID: 0dd7587eefd975957f70bfc0b0de02209310a64dd9b55a0cc95875f954c82139
                                                                                                                                                              • Opcode Fuzzy Hash: c1ab2d779eaba6c8c7dfe1f1897cbaafb481f92d9821034868eb03f3a2409d90
                                                                                                                                                              • Instruction Fuzzy Hash: 77D19FA2E0864682EB6CAF9DC84057DB7E0FB04B94FA45536DE4D03394DF39E852C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FF77FF78EC72418(void* __edi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                              				void* _v40;
                                                                                                                                                              				signed int _v56;
                                                                                                                                                              				char _v68;
                                                                                                                                                              				char _v70;
                                                                                                                                                              				signed int _v72;
                                                                                                                                                              				long long _v88;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				intOrPtr _t108;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              				void* _t140;
                                                                                                                                                              				unsigned int _t147;
                                                                                                                                                              				signed char _t148;
                                                                                                                                                              				unsigned int _t153;
                                                                                                                                                              				signed int _t159;
                                                                                                                                                              				void* _t169;
                                                                                                                                                              				void* _t172;
                                                                                                                                                              				void* _t173;
                                                                                                                                                              				signed long long _t231;
                                                                                                                                                              				void* _t247;
                                                                                                                                                              				intOrPtr* _t252;
                                                                                                                                                              				intOrPtr* _t256;
                                                                                                                                                              				void* _t261;
                                                                                                                                                              				intOrPtr _t264;
                                                                                                                                                              				intOrPtr _t268;
                                                                                                                                                              				signed int* _t270;
                                                                                                                                                              				void* _t274;
                                                                                                                                                              				void* _t275;
                                                                                                                                                              				intOrPtr _t279;
                                                                                                                                                              				void* _t286;
                                                                                                                                                              				intOrPtr* _t287;
                                                                                                                                                              
                                                                                                                                                              				_t272 = __rsi;
                                                                                                                                                              				_t169 = __edi;
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				_a32 = __rdi;
                                                                                                                                                              				_t274 = _t275;
                                                                                                                                                              				_t276 = _t275 - 0x50;
                                                                                                                                                              				_t231 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_v56 = _t231 ^ _t275 - 0x00000050;
                                                                                                                                                              				_t108 =  *((intOrPtr*)(__rcx + 0x39));
                                                                                                                                                              				_t247 = __rcx;
                                                                                                                                                              				r13d = 1;
                                                                                                                                                              				dil = 0x78;
                                                                                                                                                              				sil = 0x58;
                                                                                                                                                              				r14b = 0x41;
                                                                                                                                                              				_t173 = _t108 - 0x64;
                                                                                                                                                              				if (_t173 > 0) goto 0x8ec724bb;
                                                                                                                                                              				if (_t173 == 0) goto 0x8ec7251e;
                                                                                                                                                              				if (_t108 == r14b) goto 0x8ec7252b;
                                                                                                                                                              				if (_t108 == 0x43) goto 0x8ec7249e;
                                                                                                                                                              				if (_t108 - 0x44 <= 0) goto 0x8ec72534;
                                                                                                                                                              				if (_t108 - 0x47 <= 0) goto 0x8ec7252b;
                                                                                                                                                              				if (_t108 == 0x53) goto 0x8ec724e0;
                                                                                                                                                              				if (_t108 == sil) goto 0x8ec724b1;
                                                                                                                                                              				if (_t108 == 0x5a) goto 0x8ec724aa;
                                                                                                                                                              				if (_t108 == 0x61) goto 0x8ec7252b;
                                                                                                                                                              				if (_t108 != 0x63) goto 0x8ec72534;
                                                                                                                                                              				E00007FF77FF78EC731E0(_t108, _t108 - 0x63, __rcx);
                                                                                                                                                              				goto 0x8ec72530;
                                                                                                                                                              				E00007FF77FF78EC72C40(__rcx);
                                                                                                                                                              				goto 0x8ec72530;
                                                                                                                                                              				_t111 = E00007FF77FF78EC703AC(r13b, __rcx, __rcx, __rsi, _t274);
                                                                                                                                                              				goto 0x8ec72530;
                                                                                                                                                              				if (_t111 - 0x67 <= 0) goto 0x8ec7252b;
                                                                                                                                                              				if (_t111 == 0x69) goto 0x8ec7251e;
                                                                                                                                                              				if (_t111 == 0x6e) goto 0x8ec72517;
                                                                                                                                                              				if (_t111 == 0x6f) goto 0x8ec724f7;
                                                                                                                                                              				if (_t111 == 0x70) goto 0x8ec724e7;
                                                                                                                                                              				if (_t111 == 0x73) goto 0x8ec724e0;
                                                                                                                                                              				if (_t111 == 0x75) goto 0x8ec72522;
                                                                                                                                                              				if (_t111 != dil) goto 0x8ec72534;
                                                                                                                                                              				goto 0x8ec724b4;
                                                                                                                                                              				E00007FF77FF78EC7341C(__rcx);
                                                                                                                                                              				goto 0x8ec72530;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x30)) = 0x10;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x34)) = 0xb;
                                                                                                                                                              				goto 0x8ec724b1;
                                                                                                                                                              				_t147 =  *(__rcx + 0x28);
                                                                                                                                                              				if ((r13b & _t147 >> 0x00000005) == 0) goto 0x8ec7250b;
                                                                                                                                                              				asm("bts ecx, 0x7");
                                                                                                                                                              				 *(__rcx + 0x28) = _t147;
                                                                                                                                                              				E00007FF77FF78EC6FC04(0, __rcx, __rcx, _t272, _t274);
                                                                                                                                                              				goto 0x8ec72530;
                                                                                                                                                              				E00007FF77FF78EC73368(__rcx, __rcx);
                                                                                                                                                              				goto 0x8ec72530;
                                                                                                                                                              				 *(__rcx + 0x28) =  *(__rcx + 0x28) | 0x00000010;
                                                                                                                                                              				E00007FF77FF78EC6FFD8(0, __rcx, __rcx, _t272, _t274);
                                                                                                                                                              				goto 0x8ec72530;
                                                                                                                                                              				if (E00007FF77FF78EC72D34(0, _t169, __rcx, __rcx, _t272, _t274) != 0) goto 0x8ec7253b;
                                                                                                                                                              				goto 0x8ec727ba;
                                                                                                                                                              				if ( *((char*)(__rcx + 0x38)) != 0) goto 0x8ec727b7;
                                                                                                                                                              				_t148 =  *(__rcx + 0x28);
                                                                                                                                                              				_v72 = 0;
                                                                                                                                                              				_v70 = 0;
                                                                                                                                                              				if ((r13b & 0) == 0) goto 0x8ec72588;
                                                                                                                                                              				if ((r13b & 0) == 0) goto 0x8ec7256d;
                                                                                                                                                              				_v72 = 0x2d;
                                                                                                                                                              				goto 0x8ec72585;
                                                                                                                                                              				if ((r13b & _t148) == 0) goto 0x8ec72578;
                                                                                                                                                              				_v72 = 0x2b;
                                                                                                                                                              				goto 0x8ec72585;
                                                                                                                                                              				if ((r13b & 0) == 0) goto 0x8ec72588;
                                                                                                                                                              				_v72 = 0x20;
                                                                                                                                                              				_t261 = _t286;
                                                                                                                                                              				r8b =  *((intOrPtr*)(__rcx + 0x39));
                                                                                                                                                              				if ((r8b - sil & 0x000000df) != 0) goto 0x8ec725a5;
                                                                                                                                                              				if ((r13b & _t148 >> 0x00000005) == 0) goto 0x8ec725a5;
                                                                                                                                                              				r9b = r13b;
                                                                                                                                                              				goto 0x8ec725a8;
                                                                                                                                                              				r9b = 0;
                                                                                                                                                              				_t132 = r8b - r14b;
                                                                                                                                                              				if (r9b != 0) goto 0x8ec725bc;
                                                                                                                                                              				if ((r8b - r14b & 0xffffff00 | (_t132 & 0x000000df) == 0x00000000) == 0) goto 0x8ec725d7;
                                                                                                                                                              				 *((char*)(_t274 + _t261 - 0x20)) = 0x30;
                                                                                                                                                              				if (r8b == sil) goto 0x8ec725cb;
                                                                                                                                                              				if (r8b != r14b) goto 0x8ec725ce;
                                                                                                                                                              				dil = sil;
                                                                                                                                                              				 *((intOrPtr*)(_t274 + _t261 - 0x1f)) = dil;
                                                                                                                                                              				_t172 =  *((intOrPtr*)(__rcx + 0x2c)) -  *((intOrPtr*)(__rcx + 0x48));
                                                                                                                                                              				if ((_t148 & 0x0000000c) != 0) goto 0x8ec72643;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				if (_t172 <= 0) goto 0x8ec72643;
                                                                                                                                                              				_t279 =  *((intOrPtr*)(__rcx + 0x460));
                                                                                                                                                              				if ( *((intOrPtr*)(_t279 + 0x10)) !=  *((intOrPtr*)(_t279 + 8))) goto 0x8ec72612;
                                                                                                                                                              				if ( *((char*)(_t279 + 0x18)) == 0) goto 0x8ec7260a;
                                                                                                                                                              				goto 0x8ec7260d;
                                                                                                                                                              				 *(__rcx + 0x20) =  *(__rcx + 0x20) + 0x00000001 | 0xffffffff;
                                                                                                                                                              				goto 0x8ec72636;
                                                                                                                                                              				 *(__rcx + 0x20) = __rcx + 1;
                                                                                                                                                              				 *((intOrPtr*)(_t279 + 0x10)) =  *((intOrPtr*)(_t279 + 0x10)) + _t286;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))))) = 0x20;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) + _t286;
                                                                                                                                                              				if ( *(__rcx + 0x20) == 0xffffffff) goto 0x8ec72643;
                                                                                                                                                              				r9d = r9d + r13d;
                                                                                                                                                              				if (r9d - _t172 < 0) goto 0x8ec725ee;
                                                                                                                                                              				_t60 = _t247 + 0x20; // 0x98
                                                                                                                                                              				_t270 = _t60;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_v88 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_t62 = _t247 + 0x460; // 0x4d8
                                                                                                                                                              				_t287 = _t62;
                                                                                                                                                              				_t252 = _t287;
                                                                                                                                                              				E00007FF77FF78EC736E4(__rcx + 1, _t169, _t172, __rcx, _t252, _t270, _t272, _t274, _t270);
                                                                                                                                                              				_t153 =  *(__rcx + 0x28);
                                                                                                                                                              				if ((r13b & _t153 >> 0x00000003) == 0) goto 0x8ec726cc;
                                                                                                                                                              				if ((r13b & _t153 >> 0x00000002) != 0) goto 0x8ec726cc;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				if (_t172 <= 0) goto 0x8ec726cc;
                                                                                                                                                              				_t264 =  *_t287;
                                                                                                                                                              				if ( *((intOrPtr*)(_t264 + 0x10)) !=  *((intOrPtr*)(_t264 + 8))) goto 0x8ec726a5;
                                                                                                                                                              				if ( *((char*)(_t264 + 0x18)) == 0) goto 0x8ec7269e;
                                                                                                                                                              				goto 0x8ec726a1;
                                                                                                                                                              				 *_t270 =  *_t270 + 0x00000001 | 0xffffffff;
                                                                                                                                                              				goto 0x8ec726bf;
                                                                                                                                                              				 *_t270 = _t252 + 1;
                                                                                                                                                              				 *((intOrPtr*)(_t264 + 0x10)) =  *((intOrPtr*)(_t264 + 0x10)) + _t286;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)( *_t287)))) = 0x30;
                                                                                                                                                              				 *((intOrPtr*)( *_t287)) =  *((intOrPtr*)( *_t287)) + _t286;
                                                                                                                                                              				if ( *_t270 == 0xffffffff) goto 0x8ec726cc;
                                                                                                                                                              				r8d = r8d + r13d;
                                                                                                                                                              				if (r8d - _t172 < 0) goto 0x8ec72687;
                                                                                                                                                              				if ( *((char*)(__rcx + 0x4c)) == 0) goto 0x8ec7273e;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x48)) <= 0) goto 0x8ec7273e;
                                                                                                                                                              				r14d = 0;
                                                                                                                                                              				_t79 =  &_v68; // -27
                                                                                                                                                              				r9d =  *( *(__rcx + 0x40)) & 0x0000ffff;
                                                                                                                                                              				_t80 =  &_v72; // -31
                                                                                                                                                              				_v72 = _v72 & 0x00000000;
                                                                                                                                                              				r8d = 6;
                                                                                                                                                              				_v88 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				if (E00007FF77FF78EC7DEF0( *((intOrPtr*)(__rcx + 8)), __rcx, _t80, _t79, _t274, _t279) != 0) goto 0x8ec72739;
                                                                                                                                                              				r8d = _v72;
                                                                                                                                                              				if (r8d == 0) goto 0x8ec72739;
                                                                                                                                                              				_v88 =  *((intOrPtr*)(_t247 + 8));
                                                                                                                                                              				_t140 = E00007FF77FF78EC736E4(_t139, _t169, _t172, _t247, _t287, _t270, _t272, _t274, _t270);
                                                                                                                                                              				r14d = r14d + r13d;
                                                                                                                                                              				if (r14d !=  *(_t247 + 0x48)) goto 0x8ec726df;
                                                                                                                                                              				goto 0x8ec7275a;
                                                                                                                                                              				 *_t270 =  *_t270 | 0xffffffff;
                                                                                                                                                              				goto 0x8ec7275a;
                                                                                                                                                              				r8d =  *(_t247 + 0x48);
                                                                                                                                                              				_t256 = _t287;
                                                                                                                                                              				_v88 =  *((intOrPtr*)(_t247 + 8));
                                                                                                                                                              				E00007FF77FF78EC736E4(_t140, _t169, _t172, _t247, _t256, _t270, _t272, _t274, _t270);
                                                                                                                                                              				_t159 =  *_t270;
                                                                                                                                                              				if (_t159 < 0) goto 0x8ec727b7;
                                                                                                                                                              				if ((r13b &  *(_t247 + 0x28) >> 0x00000002) == 0) goto 0x8ec727b7;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				if (_t172 <= 0) goto 0x8ec727b7;
                                                                                                                                                              				_t268 =  *_t287;
                                                                                                                                                              				if ( *((intOrPtr*)(_t268 + 0x10)) !=  *((intOrPtr*)(_t268 + 8))) goto 0x8ec72790;
                                                                                                                                                              				if ( *((char*)(_t268 + 0x18)) == 0) goto 0x8ec72789;
                                                                                                                                                              				goto 0x8ec7278c;
                                                                                                                                                              				 *_t270 = _t159 + 0x00000001 | 0xffffffff;
                                                                                                                                                              				goto 0x8ec727aa;
                                                                                                                                                              				 *_t270 = _t256 + 1;
                                                                                                                                                              				 *((intOrPtr*)(_t268 + 0x10)) =  *((intOrPtr*)(_t268 + 0x10)) + _t286;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)( *_t287)))) = 0x20;
                                                                                                                                                              				 *((intOrPtr*)( *_t287)) =  *((intOrPtr*)( *_t287)) + _t286;
                                                                                                                                                              				if ( *_t270 == 0xffffffff) goto 0x8ec727b7;
                                                                                                                                                              				r8d = r8d + r13d;
                                                                                                                                                              				if (r8d - _t172 < 0) goto 0x8ec72772;
                                                                                                                                                              				return E00007FF77FF78EC6A040(r13b,  *_t270, _v56 ^ _t276);
                                                                                                                                                              			}

































                                                                                                                                                              0x7ff78ec7264b
                                                                                                                                                              0x7ff78ec7264e
                                                                                                                                                              0x7ff78ec72653
                                                                                                                                                              0x7ff78ec72653
                                                                                                                                                              0x7ff78ec7265d
                                                                                                                                                              0x7ff78ec72664
                                                                                                                                                              0x7ff78ec72669
                                                                                                                                                              0x7ff78ec72674
                                                                                                                                                              0x7ff78ec7267c
                                                                                                                                                              0x7ff78ec7267e
                                                                                                                                                              0x7ff78ec72683
                                                                                                                                                              0x7ff78ec72687
                                                                                                                                                              0x7ff78ec72692
                                                                                                                                                              0x7ff78ec72698
                                                                                                                                                              0x7ff78ec7269c
                                                                                                                                                              0x7ff78ec726a1
                                                                                                                                                              0x7ff78ec726a3
                                                                                                                                                              0x7ff78ec726a8
                                                                                                                                                              0x7ff78ec726aa
                                                                                                                                                              0x7ff78ec726b4
                                                                                                                                                              0x7ff78ec726ba
                                                                                                                                                              0x7ff78ec726c2
                                                                                                                                                              0x7ff78ec726c4
                                                                                                                                                              0x7ff78ec726ca
                                                                                                                                                              0x7ff78ec726d0
                                                                                                                                                              0x7ff78ec726d6
                                                                                                                                                              0x7ff78ec726dc
                                                                                                                                                              0x7ff78ec726e3
                                                                                                                                                              0x7ff78ec726e7
                                                                                                                                                              0x7ff78ec726ec
                                                                                                                                                              0x7ff78ec726f0
                                                                                                                                                              0x7ff78ec726f9
                                                                                                                                                              0x7ff78ec726ff
                                                                                                                                                              0x7ff78ec7270b
                                                                                                                                                              0x7ff78ec7270d
                                                                                                                                                              0x7ff78ec72714
                                                                                                                                                              0x7ff78ec72721
                                                                                                                                                              0x7ff78ec72729
                                                                                                                                                              0x7ff78ec7272e
                                                                                                                                                              0x7ff78ec72735
                                                                                                                                                              0x7ff78ec72737
                                                                                                                                                              0x7ff78ec72739
                                                                                                                                                              0x7ff78ec7273c
                                                                                                                                                              0x7ff78ec72745
                                                                                                                                                              0x7ff78ec72749
                                                                                                                                                              0x7ff78ec72750
                                                                                                                                                              0x7ff78ec72755
                                                                                                                                                              0x7ff78ec7275a
                                                                                                                                                              0x7ff78ec7275e
                                                                                                                                                              0x7ff78ec72769
                                                                                                                                                              0x7ff78ec7276b
                                                                                                                                                              0x7ff78ec72770
                                                                                                                                                              0x7ff78ec72772
                                                                                                                                                              0x7ff78ec7277d
                                                                                                                                                              0x7ff78ec72783
                                                                                                                                                              0x7ff78ec72787
                                                                                                                                                              0x7ff78ec7278c
                                                                                                                                                              0x7ff78ec7278e
                                                                                                                                                              0x7ff78ec72793
                                                                                                                                                              0x7ff78ec72795
                                                                                                                                                              0x7ff78ec7279f
                                                                                                                                                              0x7ff78ec727a5
                                                                                                                                                              0x7ff78ec727ad
                                                                                                                                                              0x7ff78ec727af
                                                                                                                                                              0x7ff78ec727b5
                                                                                                                                                              0x7ff78ec727e3

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • Opcode ID: 25ae5f151df0c1ba02c4360836bc34a0f79240637f1c4d1dc95a112454dbe016
                                                                                                                                                              • Instruction ID: 5c24c673c4f086bfb01d1258410871d450dcbf396b78d61977e04abfb3d30071
                                                                                                                                                              • Opcode Fuzzy Hash: 25ae5f151df0c1ba02c4360836bc34a0f79240637f1c4d1dc95a112454dbe016
                                                                                                                                                              • Instruction Fuzzy Hash: CBD1D6A2D1864686EB6CABADC81027DA7E1FB04B48FB45136DE4C073D5DF39E842C360
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Similarity
                                                                                                                                                              • Opcode ID: 8c8bf80d24b1585ea17529d93ee93efcec8c0fed6d1a39070f5825dee488f3f0
                                                                                                                                                              • Instruction ID: 120791c8552c54b6b96052397c7e15e142d598742f31c4f3e842b3200c118eab
                                                                                                                                                              • Opcode Fuzzy Hash: 8c8bf80d24b1585ea17529d93ee93efcec8c0fed6d1a39070f5825dee488f3f0
                                                                                                                                                              • Instruction Fuzzy Hash: C4C1D0726142E04BD398EB29E85947A73A1F7C8319BE8402AEB8B477C6C63CE455D721
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                              			E00007FF77FF78EC7115C(signed int __esi, long long __rbx, void* __rcx, long long __rbp, long long _a16, long long _a24) {
                                                                                                                                                              				long long _v32;
                                                                                                                                                              				long long _v40;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				long long _t20;
                                                                                                                                                              				void* _t26;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				_a24 = __rbp;
                                                                                                                                                              				_t20 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x460)) != 0) goto 0x8ec711bf;
                                                                                                                                                              				 *((char*)(_t20 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t20 + 0x2c)) = 0x16;
                                                                                                                                                              				_v32 = _t20;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_v40 = __rbp;
                                                                                                                                                              				E00007FF77FF78EC7A180(_t20, __rcx,  *((intOrPtr*)(__rcx + 0x460)), _t26, _t27, __rbp, _t33);
                                                                                                                                                              				return __esi | 0xffffffff;
                                                                                                                                                              			}











                                                                                                                                                              Similarity
                                                                                                                                                              • Opcode ID: 145553e4eb520b9c4327cd244bf3735e6a69e68fb6006d4d8b81bdfca1e62c0f
                                                                                                                                                              • Instruction ID: 59d3639d58b3327e4669f1ff9bfc910904a58e215e75edfde6cdfaf61fe25ada
                                                                                                                                                              • Opcode Fuzzy Hash: 145553e4eb520b9c4327cd244bf3735e6a69e68fb6006d4d8b81bdfca1e62c0f
                                                                                                                                                              • Instruction Fuzzy Hash: 9BB1AF72E0868186E764AF7DD85027CBBA0FB05B48FA44139DE4D47799CF39D880C764
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                              			E00007FF77FF78EC714E8(signed int __esi, long long __rbx, signed long long __rcx, signed int __rbp, void* __r8, long long _a16, long long _a24) {
                                                                                                                                                              				long long _v32;
                                                                                                                                                              				long long _v40;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				signed int _t113;
                                                                                                                                                              				void* _t118;
                                                                                                                                                              				signed int _t133;
                                                                                                                                                              				signed int _t135;
                                                                                                                                                              				void* _t139;
                                                                                                                                                              				signed int _t141;
                                                                                                                                                              				signed int _t150;
                                                                                                                                                              				void* _t163;
                                                                                                                                                              				intOrPtr _t171;
                                                                                                                                                              				intOrPtr* _t173;
                                                                                                                                                              				intOrPtr* _t184;
                                                                                                                                                              				intOrPtr* _t189;
                                                                                                                                                              				signed long long _t192;
                                                                                                                                                              				signed long long _t194;
                                                                                                                                                              				intOrPtr _t200;
                                                                                                                                                              				intOrPtr _t202;
                                                                                                                                                              				void* _t204;
                                                                                                                                                              				void* _t209;
                                                                                                                                                              				void* _t211;
                                                                                                                                                              				signed int _t212;
                                                                                                                                                              				void* _t217;
                                                                                                                                                              
                                                                                                                                                              				_t217 = __r8;
                                                                                                                                                              				_t212 = __rbp;
                                                                                                                                                              				_t194 = __rcx;
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				_a24 = __rbp;
                                                                                                                                                              				_t171 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_t141 = __esi | 0xffffffff;
                                                                                                                                                              				_t192 = __rcx;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x460)) != __rbp) goto 0x8ec7151f;
                                                                                                                                                              				 *((char*)(_t171 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t171 + 0x2c)) = 0x16;
                                                                                                                                                              				goto 0x8ec7184d;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x10)) != __rbp) goto 0x8ec71555;
                                                                                                                                                              				 *((char*)(_t171 + 0x30)) = 1;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				 *((intOrPtr*)(_t171 + 0x2c)) = 0x16;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_v32 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_v40 = __rbp;
                                                                                                                                                              				E00007FF77FF78EC7A180( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t204, _t211, __rbp, __r8);
                                                                                                                                                              				goto 0x8ec717fb;
                                                                                                                                                              				 *((intOrPtr*)(_t194 + 0x468)) =  *((intOrPtr*)(_t194 + 0x468)) + 1;
                                                                                                                                                              				if ( *((intOrPtr*)(_t194 + 0x468)) == 2) goto 0x8ec717f8;
                                                                                                                                                              				_t173 =  *((intOrPtr*)(_t192 + 0x10));
                                                                                                                                                              				 *((intOrPtr*)(_t192 + 0x48)) = 0;
                                                                                                                                                              				 *(_t192 + 0x24) = bpl;
                                                                                                                                                              				r8b =  *_t173;
                                                                                                                                                              				 *((long long*)(_t192 + 0x10)) = _t173 + 1;
                                                                                                                                                              				 *((intOrPtr*)(_t192 + 0x39)) = r8b;
                                                                                                                                                              				if (r8b == 0) goto 0x8ec717e5;
                                                                                                                                                              				r9b = r8b;
                                                                                                                                                              				if ( *(_t192 + 0x20) < 0) goto 0x8ec717e5;
                                                                                                                                                              				_t22 = _t217 - 0x20; // -32
                                                                                                                                                              				if (_t22 - 0x5a > 0) goto 0x8ec715b7;
                                                                                                                                                              				goto 0x8ec715ba;
                                                                                                                                                              				_t113 =  *(0x8ec91410 + (r8b - 0x20 + _t194 * 8) * 2) & 0x000000ff;
                                                                                                                                                              				 *(_t192 + 0x24) = _t113;
                                                                                                                                                              				if (_t113 - 8 >= 0) goto 0x8ec7183a;
                                                                                                                                                              				_t150 = _t113;
                                                                                                                                                              				if (_t150 == 0) goto 0x8ec716f4;
                                                                                                                                                              				if (_t150 == 0) goto 0x8ec716dd;
                                                                                                                                                              				if (_t150 == 0) goto 0x8ec7168e;
                                                                                                                                                              				if (_t150 == 0) goto 0x8ec71657;
                                                                                                                                                              				if (_t150 == 0) goto 0x8ec7164f;
                                                                                                                                                              				if (_t150 == 0) goto 0x8ec71625;
                                                                                                                                                              				if (_t150 == 0) goto 0x8ec7161b;
                                                                                                                                                              				if (_t113 - 0xfffffffffffffffc != 1) goto 0x8ec71866;
                                                                                                                                                              				E00007FF77FF78EC72418(_t139, _t192, _t192, r8b - 0x20 + _t194 * 8, _t209, _t211, _t217);
                                                                                                                                                              				goto 0x8ec71681;
                                                                                                                                                              				E00007FF77FF78EC71CB4(_t192);
                                                                                                                                                              				goto 0x8ec71681;
                                                                                                                                                              				if (r8b == 0x2a) goto 0x8ec71639;
                                                                                                                                                              				E00007FF77FF78EC7103C(_t192, _t192, _t192 + 0x30, _t211);
                                                                                                                                                              				goto 0x8ec71681;
                                                                                                                                                              				 *((long long*)(_t192 + 0x18)) =  *((long long*)(_t192 + 0x18)) + 8;
                                                                                                                                                              				_t133 =  *( *((intOrPtr*)(_t192 + 0x18)) - 8);
                                                                                                                                                              				_t134 =  <  ? _t141 : _t133;
                                                                                                                                                              				 *(_t192 + 0x30) =  <  ? _t141 : _t133;
                                                                                                                                                              				goto 0x8ec7167f;
                                                                                                                                                              				 *(_t192 + 0x30) = 0;
                                                                                                                                                              				goto 0x8ec717c7;
                                                                                                                                                              				if (r8b == 0x2a) goto 0x8ec71663;
                                                                                                                                                              				goto 0x8ec7162f;
                                                                                                                                                              				 *((long long*)(_t192 + 0x18)) =  *((long long*)(_t192 + 0x18)) + 8;
                                                                                                                                                              				_t135 =  *( *((intOrPtr*)(_t192 + 0x18)) - 8);
                                                                                                                                                              				 *(_t192 + 0x2c) = _t135;
                                                                                                                                                              				if (_t135 >= 0) goto 0x8ec7167f;
                                                                                                                                                              				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000004;
                                                                                                                                                              				 *(_t192 + 0x2c) =  ~_t135;
                                                                                                                                                              				if (1 == 0) goto 0x8ec71866;
                                                                                                                                                              				goto 0x8ec717c7;
                                                                                                                                                              				if (r8b == 0x20) goto 0x8ec716d4;
                                                                                                                                                              				if (r8b == 0x23) goto 0x8ec716cb;
                                                                                                                                                              				if (r8b == 0x2b) goto 0x8ec716c2;
                                                                                                                                                              				if (r8b == 0x2d) goto 0x8ec716b9;
                                                                                                                                                              				if (r8b != 0x30) goto 0x8ec717c7;
                                                                                                                                                              				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000008;
                                                                                                                                                              				goto 0x8ec717c7;
                                                                                                                                                              				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000004;
                                                                                                                                                              				goto 0x8ec717c7;
                                                                                                                                                              				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000001;
                                                                                                                                                              				goto 0x8ec717c7;
                                                                                                                                                              				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000020;
                                                                                                                                                              				goto 0x8ec717c7;
                                                                                                                                                              				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000002;
                                                                                                                                                              				goto 0x8ec717c7;
                                                                                                                                                              				 *(_t192 + 0x28) = _t212;
                                                                                                                                                              				 *(_t192 + 0x38) = bpl;
                                                                                                                                                              				 *(_t192 + 0x30) = _t141;
                                                                                                                                                              				 *((intOrPtr*)(_t192 + 0x34)) = 0;
                                                                                                                                                              				 *(_t192 + 0x4c) = bpl;
                                                                                                                                                              				goto 0x8ec717c7;
                                                                                                                                                              				 *(_t192 + 0x4c) = bpl;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(_t192 + 8)) + 0x28)) != bpl) goto 0x8ec71711;
                                                                                                                                                              				_t118 = E00007FF77FF78EC735D0( *((intOrPtr*)(_t192 + 0x18)), _t192,  *((intOrPtr*)(_t192 + 8)), _t211);
                                                                                                                                                              				r8b =  *((intOrPtr*)(_t192 + 0x39));
                                                                                                                                                              				r9b = r8b;
                                                                                                                                                              				_t163 = _t118 - _t141;
                                                                                                                                                              				if (_t163 < 0) goto 0x8ec71788;
                                                                                                                                                              				if (_t163 == 0) goto 0x8ec71788;
                                                                                                                                                              				_t200 =  *((intOrPtr*)(_t192 + 0x460));
                                                                                                                                                              				if ( *((intOrPtr*)(_t200 + 0x10)) !=  *((intOrPtr*)(_t200 + 8))) goto 0x8ec7174f;
                                                                                                                                                              				if ( *((intOrPtr*)(_t200 + 0x18)) == bpl) goto 0x8ec7174a;
                                                                                                                                                              				 *(_t192 + 0x20) =  *(_t192 + 0x20) + 1;
                                                                                                                                                              				goto 0x8ec7176d;
                                                                                                                                                              				 *(_t192 + 0x20) = _t141;
                                                                                                                                                              				goto 0x8ec7176d;
                                                                                                                                                              				 *(_t192 + 0x20) =  *(_t192 + 0x20) + 1;
                                                                                                                                                              				 *((long long*)(_t200 + 0x10)) =  *((long long*)(_t200 + 0x10)) + 1;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x460)))))) = r8b;
                                                                                                                                                              				 *((long long*)( *((intOrPtr*)(_t192 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t192 + 0x460)))) + 1;
                                                                                                                                                              				_t184 =  *((intOrPtr*)(_t192 + 0x10));
                                                                                                                                                              				r9b =  *_t184;
                                                                                                                                                              				 *((long long*)(_t192 + 0x10)) = _t184 + 1;
                                                                                                                                                              				 *((intOrPtr*)(_t192 + 0x39)) = r9b;
                                                                                                                                                              				if (r9b == 0) goto 0x8ec7180e;
                                                                                                                                                              				_t202 =  *((intOrPtr*)(_t192 + 0x460));
                                                                                                                                                              				if ( *((intOrPtr*)(_t202 + 0x10)) !=  *((intOrPtr*)(_t202 + 8))) goto 0x8ec717a9;
                                                                                                                                                              				if ( *((intOrPtr*)(_t202 + 0x18)) == bpl) goto 0x8ec717a4;
                                                                                                                                                              				 *(_t192 + 0x20) =  *(_t192 + 0x20) + 1;
                                                                                                                                                              				goto 0x8ec717c7;
                                                                                                                                                              				 *(_t192 + 0x20) = _t141;
                                                                                                                                                              				goto 0x8ec717c7;
                                                                                                                                                              				 *(_t192 + 0x20) =  *(_t192 + 0x20) + 1;
                                                                                                                                                              				 *((long long*)(_t202 + 0x10)) =  *((long long*)(_t202 + 0x10)) + 1;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x460)))))) = r9b;
                                                                                                                                                              				 *((long long*)( *((intOrPtr*)(_t192 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t192 + 0x460)))) + 1;
                                                                                                                                                              				_t189 =  *((intOrPtr*)(_t192 + 0x10));
                                                                                                                                                              				r8b =  *_t189;
                                                                                                                                                              				 *((long long*)(_t192 + 0x10)) = _t189 + 1;
                                                                                                                                                              				r9b = r8b;
                                                                                                                                                              				 *((intOrPtr*)(_t192 + 0x39)) = r8b;
                                                                                                                                                              				if (r8b != 0) goto 0x8ec71594;
                                                                                                                                                              				 *((intOrPtr*)(_t192 + 0x468)) =  *((intOrPtr*)(_t192 + 0x468)) + 1;
                                                                                                                                                              				if ( *((intOrPtr*)(_t192 + 0x468)) != 2) goto 0x8ec7156f;
                                                                                                                                                              				return  *(_t192 + 0x20);
                                                                                                                                                              			}


                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: adcc09fd6b79e9e3f02851d2afca0750a49ee1777a1ce42f3f6beceed93d6895
                                                                                                                                                              • Instruction ID: 497b56e0359b9968131164b3ee798112339842102c1a8db908ad7f73abcdc906
                                                                                                                                                              • Opcode Fuzzy Hash: adcc09fd6b79e9e3f02851d2afca0750a49ee1777a1ce42f3f6beceed93d6895
                                                                                                                                                              • Instruction Fuzzy Hash: 84B15972E0878586E769AF6EC85426CBBA4F705F48FB90139CA4E07395CF39D451C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                              			E00007FF77FF78EC7DC08(void* __rax, long long __rbx, unsigned int* __rcx, void* __rdx, void* __rdi, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16, intOrPtr _a40, intOrPtr _a48, void* _a64, long long _a80) {
                                                                                                                                                              				long long _v48;
                                                                                                                                                              				signed long long _v56;
                                                                                                                                                              				long long _t37;
                                                                                                                                                              				long long _t44;
                                                                                                                                                              				unsigned int* _t49;
                                                                                                                                                              				void* _t51;
                                                                                                                                                              				void* _t58;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t58 = __r8;
                                                                                                                                                              				_t49 = __rcx;
                                                                                                                                                              				if (__rdx != 0) goto 0x8ec7dc58;
                                                                                                                                                              				_t44 = _a80;
                                                                                                                                                              				_v48 = _t44;
                                                                                                                                                              				 *((char*)(_t44 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t44 + 0x2c)) = __rdx + 0x16;
                                                                                                                                                              				_v56 = _v56 & 0x00000000;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC7A180(__rax, __rbx, _t44, __rdx, __rsi, _t51, __r8);
                                                                                                                                                              				goto 0x8ec7dec7;
                                                                                                                                                              				if (_t58 != 0) goto 0x8ec7dc78;
                                                                                                                                                              				_t37 = _a80;
                                                                                                                                                              				_v48 = _t37;
                                                                                                                                                              				 *((char*)(_t37 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t37 + 0x2c)) = 0x16;
                                                                                                                                                              				goto 0x8ec7dc3c;
                                                                                                                                                              				if (__r9 == 0) goto 0x8ec7dc5d;
                                                                                                                                                              				if (_a40 == 0) goto 0x8ec7dc5d;
                                                                                                                                                              				if (_a48 == 0x41) goto 0x8ec7dca3;
                                                                                                                                                              				if (_t44 - 0x45 - 2 <= 0) goto 0x8ec7dca3;
                                                                                                                                                              				sil = 0;
                                                                                                                                                              				goto 0x8ec7dca6;
                                                                                                                                                              				sil = 1;
                                                                                                                                                              				if (0 != 0) goto 0x8ec7dd9d;
                                                                                                                                                              				if ( *_t49 >> 0x34 != 0x7ff) goto 0x8ec7dd9d;
                                                                                                                                                              				r8d = 0xc;
                                                                                                                                                              			}











                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4013c44f973f1f1ce609df18204cccaeace5f86398c0733acef99e0fa5c9e84d
                                                                                                                                                              • Instruction ID: c697aff0359e196842986622af3db041af2cd691bf7fb5c0b171654f4136b31a
                                                                                                                                                              • Opcode Fuzzy Hash: 4013c44f973f1f1ce609df18204cccaeace5f86398c0733acef99e0fa5c9e84d
                                                                                                                                                              • Instruction Fuzzy Hash: 1F81C372E0878146E774AB5DE84037AAE90FB967D4FA44235DA9E47B89CF3DD440CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00007FF77FF78EC6FDEC(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				long long _v16;
                                                                                                                                                              				signed long long _v24;
                                                                                                                                                              				intOrPtr _t87;
                                                                                                                                                              				signed int _t91;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              				intOrPtr _t112;
                                                                                                                                                              				signed int _t119;
                                                                                                                                                              				intOrPtr _t130;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              				void* _t141;
                                                                                                                                                              				void* _t144;
                                                                                                                                                              				intOrPtr _t150;
                                                                                                                                                              				void* _t157;
                                                                                                                                                              				void* _t159;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				_t134 = __rcx;
                                                                                                                                                              				bpl = __edx;
                                                                                                                                                              				_t87 =  *((intOrPtr*)(__rcx + 0x34));
                                                                                                                                                              				_t111 = _t87 - 5;
                                                                                                                                                              				if (_t111 > 0) goto 0x8ec6fed3;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec6fe3c;
                                                                                                                                                              				_t112 = _t87;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec6ff27;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec6feab;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec6fe84;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec6ff27;
                                                                                                                                                              				if (_t87 - 0xffffffffffffffff != 1) goto 0x8ec6fef3;
                                                                                                                                                              				_t91 =  *(__rcx + 0x28);
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t144;
                                                                                                                                                              				if ((_t91 >> 0x00000004 & 0x00000001) == 0) goto 0x8ec6fe6e;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8ec6fe6e;
                                                                                                                                                              				 *(__rcx + 0x28) = _t91 | 0x00000040;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8ec6ff52;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x30)) = 1;
                                                                                                                                                              				goto 0x8ec6ff69;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8ec6fea5;
                                                                                                                                                              				goto 0x8ec6fe57;
                                                                                                                                                              				goto 0x8ec6fe57;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				_t119 = dil &  *(__rcx + 0x28) >> 0x00000004;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec6fecd;
                                                                                                                                                              				goto 0x8ec6fe57;
                                                                                                                                                              				goto 0x8ec6fe57;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec6fe3c;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec6fe3c;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec6fe3c;
                                                                                                                                                              				goto 0x8ec6fe2a;
                                                                                                                                                              				_t130 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *((char*)(_t130 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t130 + 0x2c)) = 0x16;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_v24 = _v24 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC7A180( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t141,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t157);
                                                                                                                                                              				goto 0x8ec6ffc2;
                                                                                                                                                              				 *((long long*)(_t134 + 0x18)) =  *((long long*)(_t134 + 0x18)) + 8;
                                                                                                                                                              				if (0 == 0) goto 0x8ec6ff4a;
                                                                                                                                                              				_t150 =  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8));
                                                                                                                                                              				goto 0x8ec6fe57;
                                                                                                                                                              				goto 0x8ec6fe57;
                                                                                                                                                              				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xfffffff7;
                                                                                                                                                              				E00007FF77FF78EC6F110(_t134, _t134 + 0x50,  *((intOrPtr*)(_t134 + 0x30)), _t150,  *((intOrPtr*)(_t134 + 8)));
                                                                                                                                                              				if (_t150 != 0) goto 0x8ec6ff72;
                                                                                                                                                              				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xffffffdf;
                                                                                                                                                              				 *((char*)(_t134 + 0x4c)) = 1;
                                                                                                                                                              				r8b = bpl;
                                                                                                                                                              				if (_t144 != 8) goto 0x8ec6ff8c;
                                                                                                                                                              				E00007FF77FF78EC70B90(0, _t134, _t150, _t159);
                                                                                                                                                              				goto 0x8ec6ff93;
                                                                                                                                                              				E00007FF77FF78EC707FC( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8)), _t134, _t159);
                                                                                                                                                              				if (0 == 0) goto 0x8ec6ffc0;
                                                                                                                                                              				if ( *((intOrPtr*)(_t134 + 0x48)) == 0) goto 0x8ec6ffb1;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x40)))) == 0x30) goto 0x8ec6ffc0;
                                                                                                                                                              				 *((long long*)(_t134 + 0x40)) =  *((long long*)(_t134 + 0x40)) + 0xfffffffe;
                                                                                                                                                              				 *((short*)( *((intOrPtr*)(_t134 + 0x40)))) = 0x30;
                                                                                                                                                              				 *((intOrPtr*)(_t134 + 0x48)) =  *((intOrPtr*)(_t134 + 0x48)) + 1;
                                                                                                                                                              				return 1;
                                                                                                                                                              			}


















                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cd13913463f2a535fc0c8be1876713af60b9a5b5c2f997033bced444a0d0364e
                                                                                                                                                              • Instruction ID: 22f324b4b8c71c718614cb10c665c9c0418f3c1f3c08e11d417d8784b745050e
                                                                                                                                                              • Opcode Fuzzy Hash: cd13913463f2a535fc0c8be1876713af60b9a5b5c2f997033bced444a0d0364e
                                                                                                                                                              • Instruction Fuzzy Hash: 9651A073E0C69182E728AE68C05423EABA0FB55B68F644139DE4D577E9CB39EC41C790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC74D60(signed int __ecx, signed int __edx, void* __eflags, intOrPtr* __rcx, intOrPtr* __rdx, void* __r8) {
                                                                                                                                                              				unsigned int _t13;
                                                                                                                                                              				unsigned int _t14;
                                                                                                                                                              				char _t15;
                                                                                                                                                              				char _t33;
                                                                                                                                                              				signed int* _t41;
                                                                                                                                                              				void* _t52;
                                                                                                                                                              
                                                                                                                                                              				if (__eflags == 0) goto 0x8ec74e1b;
                                                                                                                                                              				if ((__ecx & 0x00000007) == 0) goto 0x8ec74d80;
                                                                                                                                                              				_t13 =  *((intOrPtr*)(__rcx));
                                                                                                                                                              				if (_t13 == 0) goto 0x8ec74df6;
                                                                                                                                                              				_t41 = __rcx + 1;
                                                                                                                                                              				if ((__ecx & 0x00000007) != 0) goto 0x8ec74d71;
                                                                                                                                                              				if ((0x01010100 & ( *_t41 ^ 0xffffffff ^ 0xfefefeff +  *_t41)) == 0) goto 0x8ec74d80;
                                                                                                                                                              				if (_t13 == 0) goto 0x8ec74df6;
                                                                                                                                                              				if (_t13 == 0) goto 0x8ec74df6;
                                                                                                                                                              				if (_t13 == 0) goto 0x8ec74df6;
                                                                                                                                                              				if (_t13 == 0) goto 0x8ec74df6;
                                                                                                                                                              				if (_t13 == 0) goto 0x8ec74df6;
                                                                                                                                                              				if (_t13 == 0) goto 0x8ec74df6;
                                                                                                                                                              				_t14 = _t13 >> 0x10;
                                                                                                                                                              				if (_t14 == 0) goto 0x8ec74df6;
                                                                                                                                                              				if (_t14 == 0) goto 0x8ec74df6;
                                                                                                                                                              				goto 0x8ec74d80;
                                                                                                                                                              				_t52 =  &(_t41[2]) - 8 + 8 - __rdx;
                                                                                                                                                              				if ((__edx & 0x00000007) == 0) goto 0x8ec74e28;
                                                                                                                                                              				_t15 =  *((intOrPtr*)(__rdx));
                                                                                                                                                              				 *((char*)(__rdx + _t52)) = _t15;
                                                                                                                                                              				_t33 = _t15;
                                                                                                                                                              				if (_t33 == 0) goto 0x8ec74e1b;
                                                                                                                                                              				if (_t33 == 0) goto 0x8ec74e16;
                                                                                                                                                              				if ((__edx & 0x00000007) != 0) goto 0x8ec74dfe;
                                                                                                                                                              				goto 0x8ec74e28;
                                                                                                                                                              				 *((char*)(__rdx + 1 + _t52)) = 0;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}










                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                                                                                                                                                              • Instruction ID: ff53b761146881380708b7db1d9ef4e90ae9d975346cb3972b87c16cd3250526
                                                                                                                                                              • Opcode Fuzzy Hash: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                                                                                                                                                              • Instruction Fuzzy Hash: 1D41B662C0975A45EAA5D9DCCD106B5D684BF227F0EF852B0DEE913BC7CB2C6987C120
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                              			E00007FF77FF78EC70594(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				long long _v16;
                                                                                                                                                              				signed long long _v24;
                                                                                                                                                              				intOrPtr _t87;
                                                                                                                                                              				signed int _t91;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              				intOrPtr _t112;
                                                                                                                                                              				signed int _t119;
                                                                                                                                                              				intOrPtr _t130;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              				void* _t141;
                                                                                                                                                              				void* _t144;
                                                                                                                                                              				intOrPtr _t150;
                                                                                                                                                              				void* _t157;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				_t134 = __rcx;
                                                                                                                                                              				bpl = __edx;
                                                                                                                                                              				_t87 =  *((intOrPtr*)(__rcx + 0x34));
                                                                                                                                                              				_t111 = _t87 - 5;
                                                                                                                                                              				if (_t111 > 0) goto 0x8ec7067b;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec705e4;
                                                                                                                                                              				_t112 = _t87;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec706cf;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec70653;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec7062c;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec706cf;
                                                                                                                                                              				if (_t87 - 0xffffffffffffffff != 1) goto 0x8ec7069b;
                                                                                                                                                              				_t91 =  *(__rcx + 0x28);
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t144;
                                                                                                                                                              				if ((_t91 >> 0x00000004 & 0x00000001) == 0) goto 0x8ec70616;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8ec70616;
                                                                                                                                                              				 *(__rcx + 0x28) = _t91 | 0x00000040;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8ec706fa;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x30)) = 1;
                                                                                                                                                              				goto 0x8ec70711;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8ec7064d;
                                                                                                                                                              				goto 0x8ec705ff;
                                                                                                                                                              				goto 0x8ec705ff;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				_t119 = dil &  *(__rcx + 0x28) >> 0x00000004;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec70675;
                                                                                                                                                              				goto 0x8ec705ff;
                                                                                                                                                              				goto 0x8ec705ff;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec705e4;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec705e4;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec705e4;
                                                                                                                                                              				goto 0x8ec705d2;
                                                                                                                                                              				_t130 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *((char*)(_t130 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t130 + 0x2c)) = 0x16;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_v24 = _v24 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC7A180( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t141,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t157);
                                                                                                                                                              				goto 0x8ec7076a;
                                                                                                                                                              				 *((long long*)(_t134 + 0x18)) =  *((long long*)(_t134 + 0x18)) + 8;
                                                                                                                                                              				if (0 == 0) goto 0x8ec706f2;
                                                                                                                                                              				_t150 =  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8));
                                                                                                                                                              				goto 0x8ec705ff;
                                                                                                                                                              				goto 0x8ec705ff;
                                                                                                                                                              				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xfffffff7;
                                                                                                                                                              				E00007FF77FF78EC6F110(_t134, _t134 + 0x50,  *((intOrPtr*)(_t134 + 0x30)), _t150,  *((intOrPtr*)(_t134 + 8)));
                                                                                                                                                              				if (_t150 != 0) goto 0x8ec7071a;
                                                                                                                                                              				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xffffffdf;
                                                                                                                                                              				 *((char*)(_t134 + 0x4c)) = 1;
                                                                                                                                                              				r8b = bpl;
                                                                                                                                                              				if (_t144 != 8) goto 0x8ec70734;
                                                                                                                                                              				E00007FF77FF78EC70E10(0, _t134, _t150);
                                                                                                                                                              				goto 0x8ec7073b;
                                                                                                                                                              				E00007FF77FF78EC70A70( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8)), _t134);
                                                                                                                                                              				if (0 == 0) goto 0x8ec70768;
                                                                                                                                                              				if ( *((intOrPtr*)(_t134 + 0x48)) == 0) goto 0x8ec70759;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x40)))) == 0x30) goto 0x8ec70768;
                                                                                                                                                              				 *((long long*)(_t134 + 0x40)) =  *((long long*)(_t134 + 0x40)) + 0xfffffffe;
                                                                                                                                                              				 *((short*)( *((intOrPtr*)(_t134 + 0x40)))) = 0x30;
                                                                                                                                                              				 *((intOrPtr*)(_t134 + 0x48)) =  *((intOrPtr*)(_t134 + 0x48)) + 1;
                                                                                                                                                              				return 1;
                                                                                                                                                              			}

















                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d35544f0de4291087a22586488ce75b6eb3c39d1b62f2cbc732685b95b505f20
                                                                                                                                                              • Instruction ID: f794d199d3ecd01d7eb7afc192710a86d7f9fdd9b01b43ab9f6a4c1341fe32a4
                                                                                                                                                              • Opcode Fuzzy Hash: d35544f0de4291087a22586488ce75b6eb3c39d1b62f2cbc732685b95b505f20
                                                                                                                                                              • Instruction Fuzzy Hash: 5D51E132E1865182E768AF6CC95623CA7A0FB52B68FA40135DE4A177D8CF38EC41C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                              			E00007FF77FF78EC701C0(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				long long _v16;
                                                                                                                                                              				signed long long _v24;
                                                                                                                                                              				intOrPtr _t87;
                                                                                                                                                              				signed int _t91;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              				intOrPtr _t112;
                                                                                                                                                              				signed int _t119;
                                                                                                                                                              				intOrPtr _t130;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              				void* _t141;
                                                                                                                                                              				void* _t144;
                                                                                                                                                              				intOrPtr _t150;
                                                                                                                                                              				void* _t157;
                                                                                                                                                              				void* _t159;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				_t134 = __rcx;
                                                                                                                                                              				bpl = __edx;
                                                                                                                                                              				_t87 =  *((intOrPtr*)(__rcx + 0x34));
                                                                                                                                                              				_t111 = _t87 - 5;
                                                                                                                                                              				if (_t111 > 0) goto 0x8ec702a7;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec70210;
                                                                                                                                                              				_t112 = _t87;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec702fb;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec7027f;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec70258;
                                                                                                                                                              				if (_t112 == 0) goto 0x8ec702fb;
                                                                                                                                                              				if (_t87 - 0xffffffffffffffff != 1) goto 0x8ec702c7;
                                                                                                                                                              				_t91 =  *(__rcx + 0x28);
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t144;
                                                                                                                                                              				if ((_t91 >> 0x00000004 & 0x00000001) == 0) goto 0x8ec70242;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8ec70242;
                                                                                                                                                              				 *(__rcx + 0x28) = _t91 | 0x00000040;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8ec70326;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x30)) = 1;
                                                                                                                                                              				goto 0x8ec7033d;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8ec70279;
                                                                                                                                                              				goto 0x8ec7022b;
                                                                                                                                                              				goto 0x8ec7022b;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				_t119 = dil &  *(__rcx + 0x28) >> 0x00000004;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec702a1;
                                                                                                                                                              				goto 0x8ec7022b;
                                                                                                                                                              				goto 0x8ec7022b;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec70210;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec70210;
                                                                                                                                                              				if (_t119 == 0) goto 0x8ec70210;
                                                                                                                                                              				goto 0x8ec701fe;
                                                                                                                                                              				_t130 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *((char*)(_t130 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t130 + 0x2c)) = 0x16;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_v24 = _v24 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC7A180( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t141,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t157);
                                                                                                                                                              				goto 0x8ec70396;
                                                                                                                                                              				 *((long long*)(_t134 + 0x18)) =  *((long long*)(_t134 + 0x18)) + 8;
                                                                                                                                                              				if (0 == 0) goto 0x8ec7031e;
                                                                                                                                                              				_t150 =  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8));
                                                                                                                                                              				goto 0x8ec7022b;
                                                                                                                                                              				goto 0x8ec7022b;
                                                                                                                                                              				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xfffffff7;
                                                                                                                                                              				E00007FF77FF78EC6F110(_t134, _t134 + 0x50,  *((intOrPtr*)(_t134 + 0x30)), _t150,  *((intOrPtr*)(_t134 + 8)));
                                                                                                                                                              				if (_t150 != 0) goto 0x8ec70346;
                                                                                                                                                              				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xffffffdf;
                                                                                                                                                              				 *((char*)(_t134 + 0x4c)) = 1;
                                                                                                                                                              				r8b = bpl;
                                                                                                                                                              				if (_t144 != 8) goto 0x8ec70360;
                                                                                                                                                              				E00007FF77FF78EC70CC4(_t134, _t150);
                                                                                                                                                              				goto 0x8ec70367;
                                                                                                                                                              				E00007FF77FF78EC7092C( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8)), _t134, _t150, _t159);
                                                                                                                                                              				if (0 == 0) goto 0x8ec70394;
                                                                                                                                                              				if ( *((intOrPtr*)(_t134 + 0x48)) == 0) goto 0x8ec70385;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x40)))) == 0x30) goto 0x8ec70394;
                                                                                                                                                              				 *((long long*)(_t134 + 0x40)) =  *((long long*)(_t134 + 0x40)) + 0xfffffffe;
                                                                                                                                                              				 *((short*)( *((intOrPtr*)(_t134 + 0x40)))) = 0x30;
                                                                                                                                                              				 *((intOrPtr*)(_t134 + 0x48)) =  *((intOrPtr*)(_t134 + 0x48)) + 1;
                                                                                                                                                              				return 1;
                                                                                                                                                              			}


















                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 91676e2c6819f2125a1fdcdf1d499c76ba6867f36b41da1b0312bc2d09b032fe
                                                                                                                                                              • Instruction ID: 255a02b8ac831a4b768c83ea5390cd73b5d59d2d6f6cc629c50128835474c76a
                                                                                                                                                              • Opcode Fuzzy Hash: 91676e2c6819f2125a1fdcdf1d499c76ba6867f36b41da1b0312bc2d09b032fe
                                                                                                                                                              • Instruction Fuzzy Hash: 3751AF73E0861183E768AEACD84623CA7A0FB56B68FA54135DF49177D9CB39EC41C350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                              			E00007FF77FF78EC6FFD8(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				long long _v16;
                                                                                                                                                              				signed long long _v24;
                                                                                                                                                              				intOrPtr _t86;
                                                                                                                                                              				signed int _t90;
                                                                                                                                                              				void* _t110;
                                                                                                                                                              				intOrPtr _t111;
                                                                                                                                                              				signed int _t118;
                                                                                                                                                              				intOrPtr _t129;
                                                                                                                                                              				void* _t133;
                                                                                                                                                              				void* _t140;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				intOrPtr _t149;
                                                                                                                                                              				void* _t156;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				_t133 = __rcx;
                                                                                                                                                              				bpl = __edx;
                                                                                                                                                              				_t86 =  *((intOrPtr*)(__rcx + 0x34));
                                                                                                                                                              				_t110 = _t86 - 5;
                                                                                                                                                              				if (_t110 > 0) goto 0x8ec700bf;
                                                                                                                                                              				if (_t110 == 0) goto 0x8ec70028;
                                                                                                                                                              				_t111 = _t86;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec70113;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec70097;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec70070;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec70113;
                                                                                                                                                              				if (_t86 - 0xffffffffffffffff != 1) goto 0x8ec700df;
                                                                                                                                                              				_t90 =  *(__rcx + 0x28);
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t143;
                                                                                                                                                              				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0x8ec7005a;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8ec7005a;
                                                                                                                                                              				 *(__rcx + 0x28) = _t90 | 0x00000040;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8ec7013e;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x30)) = 1;
                                                                                                                                                              				goto 0x8ec70155;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8ec70091;
                                                                                                                                                              				goto 0x8ec70043;
                                                                                                                                                              				goto 0x8ec70043;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec700b9;
                                                                                                                                                              				goto 0x8ec70043;
                                                                                                                                                              				goto 0x8ec70043;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec70028;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec70028;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec70028;
                                                                                                                                                              				goto 0x8ec70016;
                                                                                                                                                              				_t129 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *((char*)(_t129 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_v24 = _v24 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC7A180( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t140,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t156);
                                                                                                                                                              				goto 0x8ec701a8;
                                                                                                                                                              				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 8;
                                                                                                                                                              				if (0 == 0) goto 0x8ec70136;
                                                                                                                                                              				_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8));
                                                                                                                                                              				goto 0x8ec70043;
                                                                                                                                                              				goto 0x8ec70043;
                                                                                                                                                              				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xfffffff7;
                                                                                                                                                              				E00007FF77FF78EC6F068(_t133, _t133 + 0x50,  *((intOrPtr*)(_t133 + 0x30)), _t149,  *((intOrPtr*)(_t133 + 8)));
                                                                                                                                                              				if (_t149 != 0) goto 0x8ec7015e;
                                                                                                                                                              				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
                                                                                                                                                              				 *((char*)(_t133 + 0x4c)) = 0;
                                                                                                                                                              				r8b = bpl;
                                                                                                                                                              				if (_t143 != 8) goto 0x8ec70178;
                                                                                                                                                              				E00007FF77FF78EC70C18(_t133, _t149);
                                                                                                                                                              				goto 0x8ec7017f;
                                                                                                                                                              				E00007FF77FF78EC70884( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8)), _t133, _t149);
                                                                                                                                                              				if (0 == 0) goto 0x8ec701a6;
                                                                                                                                                              				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0x8ec70198;
                                                                                                                                                              				if ( *((char*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0x8ec701a6;
                                                                                                                                                              				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) - 1;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
                                                                                                                                                              				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
                                                                                                                                                              				return 1;
                                                                                                                                                              			}

















                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0d206cf78a1e1fdd7179b185d329a52e3742a16a0b21815c9c7ebae968ae7add
                                                                                                                                                              • Instruction ID: 62831d5a5867faaf59db701153960b2d58a229b82d76b959e371badd4e4f7a30
                                                                                                                                                              • Opcode Fuzzy Hash: 0d206cf78a1e1fdd7179b185d329a52e3742a16a0b21815c9c7ebae968ae7add
                                                                                                                                                              • Instruction Fuzzy Hash: 1651B073E0860182E7289F6CC85623CA7A1FB42B68FA44134DE5D17799CB39EC81C7A0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                              			E00007FF77FF78EC6FC04(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				long long _v16;
                                                                                                                                                              				signed long long _v24;
                                                                                                                                                              				intOrPtr _t86;
                                                                                                                                                              				signed int _t90;
                                                                                                                                                              				void* _t110;
                                                                                                                                                              				intOrPtr _t111;
                                                                                                                                                              				signed int _t118;
                                                                                                                                                              				intOrPtr _t129;
                                                                                                                                                              				void* _t133;
                                                                                                                                                              				void* _t140;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				intOrPtr _t149;
                                                                                                                                                              				void* _t156;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				_t133 = __rcx;
                                                                                                                                                              				bpl = __edx;
                                                                                                                                                              				_t86 =  *((intOrPtr*)(__rcx + 0x34));
                                                                                                                                                              				_t110 = _t86 - 5;
                                                                                                                                                              				if (_t110 > 0) goto 0x8ec6fceb;
                                                                                                                                                              				if (_t110 == 0) goto 0x8ec6fc54;
                                                                                                                                                              				_t111 = _t86;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec6fd3f;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec6fcc3;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec6fc9c;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec6fd3f;
                                                                                                                                                              				if (_t86 - 0xffffffffffffffff != 1) goto 0x8ec6fd0b;
                                                                                                                                                              				_t90 =  *(__rcx + 0x28);
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t143;
                                                                                                                                                              				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0x8ec6fc86;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8ec6fc86;
                                                                                                                                                              				 *(__rcx + 0x28) = _t90 | 0x00000040;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8ec6fd6a;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x30)) = 1;
                                                                                                                                                              				goto 0x8ec6fd81;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8ec6fcbd;
                                                                                                                                                              				goto 0x8ec6fc6f;
                                                                                                                                                              				goto 0x8ec6fc6f;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec6fce5;
                                                                                                                                                              				goto 0x8ec6fc6f;
                                                                                                                                                              				goto 0x8ec6fc6f;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec6fc54;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec6fc54;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec6fc54;
                                                                                                                                                              				goto 0x8ec6fc42;
                                                                                                                                                              				_t129 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *((char*)(_t129 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_v24 = _v24 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC7A180( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t140,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t156);
                                                                                                                                                              				goto 0x8ec6fdd4;
                                                                                                                                                              				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 8;
                                                                                                                                                              				if (0 == 0) goto 0x8ec6fd62;
                                                                                                                                                              				_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8));
                                                                                                                                                              				goto 0x8ec6fc6f;
                                                                                                                                                              				goto 0x8ec6fc6f;
                                                                                                                                                              				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xfffffff7;
                                                                                                                                                              				_t51 = _t133 + 0x50; // 0xc8
                                                                                                                                                              				E00007FF77FF78EC6F068(_t133, _t51,  *((intOrPtr*)(_t133 + 0x30)), _t149,  *((intOrPtr*)(_t133 + 8)));
                                                                                                                                                              				if (_t149 != 0) goto 0x8ec6fd8a;
                                                                                                                                                              				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
                                                                                                                                                              				 *((char*)(_t133 + 0x4c)) = 0;
                                                                                                                                                              				r8b = bpl;
                                                                                                                                                              				if (_t143 != 8) goto 0x8ec6fda4;
                                                                                                                                                              				E00007FF77FF78EC70B14(0, _t133, _t149);
                                                                                                                                                              				goto 0x8ec6fdab;
                                                                                                                                                              				E00007FF77FF78EC70780( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8)), _t133);
                                                                                                                                                              				if (0 == 0) goto 0x8ec6fdd2;
                                                                                                                                                              				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0x8ec6fdc4;
                                                                                                                                                              				if ( *((char*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0x8ec6fdd2;
                                                                                                                                                              				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) - 1;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
                                                                                                                                                              				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
                                                                                                                                                              				return 1;
                                                                                                                                                              			}

















                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: eaa0e8279f47b3a442918b0d2efffb71c4d8b95321069e11353736f5b085a131
                                                                                                                                                              • Instruction ID: ba69a3a191bae0d7e8fa7405df8b8dba38ad7a0d0c197dc78dd2146955de55ca
                                                                                                                                                              • Opcode Fuzzy Hash: eaa0e8279f47b3a442918b0d2efffb71c4d8b95321069e11353736f5b085a131
                                                                                                                                                              • Instruction Fuzzy Hash: 2951BF73E0C69182E728AF68C05427EA7A0FB55B58FA40139CF49177A8CF38EC41C7A0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                              			E00007FF77FF78EC703AC(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				long long _v16;
                                                                                                                                                              				signed long long _v24;
                                                                                                                                                              				intOrPtr _t86;
                                                                                                                                                              				signed int _t90;
                                                                                                                                                              				void* _t110;
                                                                                                                                                              				intOrPtr _t111;
                                                                                                                                                              				signed int _t118;
                                                                                                                                                              				intOrPtr _t129;
                                                                                                                                                              				void* _t133;
                                                                                                                                                              				void* _t140;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				intOrPtr _t149;
                                                                                                                                                              				void* _t156;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				_t133 = __rcx;
                                                                                                                                                              				bpl = __edx;
                                                                                                                                                              				_t86 =  *((intOrPtr*)(__rcx + 0x34));
                                                                                                                                                              				_t110 = _t86 - 5;
                                                                                                                                                              				if (_t110 > 0) goto 0x8ec70493;
                                                                                                                                                              				if (_t110 == 0) goto 0x8ec703fc;
                                                                                                                                                              				_t111 = _t86;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec704e7;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec7046b;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec70444;
                                                                                                                                                              				if (_t111 == 0) goto 0x8ec704e7;
                                                                                                                                                              				if (_t86 - 0xffffffffffffffff != 1) goto 0x8ec704b3;
                                                                                                                                                              				_t90 =  *(__rcx + 0x28);
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t143;
                                                                                                                                                              				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0x8ec7042e;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8ec7042e;
                                                                                                                                                              				 *(__rcx + 0x28) = _t90 | 0x00000040;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8ec70512;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 0x30)) = 1;
                                                                                                                                                              				goto 0x8ec70529;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8ec70465;
                                                                                                                                                              				goto 0x8ec70417;
                                                                                                                                                              				goto 0x8ec70417;
                                                                                                                                                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
                                                                                                                                                              				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec7048d;
                                                                                                                                                              				goto 0x8ec70417;
                                                                                                                                                              				goto 0x8ec70417;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec703fc;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec703fc;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec703fc;
                                                                                                                                                              				goto 0x8ec703ea;
                                                                                                                                                              				_t129 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *((char*)(_t129 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
                                                                                                                                                              				_v16 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                              				_v24 = _v24 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC7A180( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t140,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t156);
                                                                                                                                                              				goto 0x8ec7057c;
                                                                                                                                                              				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 8;
                                                                                                                                                              				if (0 == 0) goto 0x8ec7050a;
                                                                                                                                                              				_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8));
                                                                                                                                                              				goto 0x8ec70417;
                                                                                                                                                              				goto 0x8ec70417;
                                                                                                                                                              				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xfffffff7;
                                                                                                                                                              				E00007FF77FF78EC6F068(_t133, _t133 + 0x50,  *((intOrPtr*)(_t133 + 0x30)), _t149,  *((intOrPtr*)(_t133 + 8)));
                                                                                                                                                              				if (_t149 != 0) goto 0x8ec70532;
                                                                                                                                                              				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
                                                                                                                                                              				 *((char*)(_t133 + 0x4c)) = 0;
                                                                                                                                                              				r8b = bpl;
                                                                                                                                                              				if (_t143 != 8) goto 0x8ec7054c;
                                                                                                                                                              				E00007FF77FF78EC70D84(_t133, _t149);
                                                                                                                                                              				goto 0x8ec70553;
                                                                                                                                                              				E00007FF77FF78EC709E4( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8)), _t133, _t149);
                                                                                                                                                              				if (0 == 0) goto 0x8ec7057a;
                                                                                                                                                              				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0x8ec7056c;
                                                                                                                                                              				if ( *((char*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0x8ec7057a;
                                                                                                                                                              				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) - 1;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
                                                                                                                                                              				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
                                                                                                                                                              				return 1;
                                                                                                                                                              			}

















                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: fd8ebc248ced660718111c5b2368b9a6156698bebe51c5a3ea58e993a1de5436
                                                                                                                                                              • Instruction ID: 6fbc2e20094cbbdf92c1564756e2871ac1be486c2770c72515d199c5a3eb69ed
                                                                                                                                                              • Opcode Fuzzy Hash: fd8ebc248ced660718111c5b2368b9a6156698bebe51c5a3ea58e993a1de5436
                                                                                                                                                              • Instruction Fuzzy Hash: 5551CE32E1864182E7689FACC95633CA7A0FB46B58FA44134DE4D17799CB38EC81C7A0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                              			E00007FF77FF78EC79050(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				int _t26;
                                                                                                                                                              				signed int _t51;
                                                                                                                                                              				void* _t52;
                                                                                                                                                              				signed long long _t66;
                                                                                                                                                              				signed int* _t73;
                                                                                                                                                              				signed long long _t75;
                                                                                                                                                              				signed long long _t77;
                                                                                                                                                              				signed long long _t78;
                                                                                                                                                              				signed long long _t95;
                                                                                                                                                              				signed long long _t96;
                                                                                                                                                              				signed long long _t98;
                                                                                                                                                              				signed long long _t104;
                                                                                                                                                              				long long _t115;
                                                                                                                                                              				void* _t117;
                                                                                                                                                              				void* _t120;
                                                                                                                                                              				signed long long* _t123;
                                                                                                                                                              				signed long long _t124;
                                                                                                                                                              				signed long long _t126;
                                                                                                                                                              				signed long long _t129;
                                                                                                                                                              				signed long long*** _t132;
                                                                                                                                                              
                                                                                                                                                              				_t52 = __edi;
                                                                                                                                                              				_t51 = __edx;
                                                                                                                                                              				 *((long long*)(_t117 + 0x10)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t117 + 0x18)) = _t115;
                                                                                                                                                              				 *((long long*)(_t117 + 0x20)) = __rsi;
                                                                                                                                                              				_t66 =  *((intOrPtr*)(__rcx));
                                                                                                                                                              				_t132 = __rcx;
                                                                                                                                                              				_t73 =  *_t66;
                                                                                                                                                              				if (_t73 == 0) goto 0x8ec791e4;
                                                                                                                                                              				_t124 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t111 =  *_t73 ^ _t124;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				_t75 = _t73[4] ^ _t124;
                                                                                                                                                              				asm("dec ecx");
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if ((_t73[2] ^ _t124) != _t75) goto 0x8ec79156;
                                                                                                                                                              				_t77 = _t75 - ( *_t73 ^ _t124) >> 3;
                                                                                                                                                              				_t101 =  >  ? _t66 : _t77;
                                                                                                                                                              				_t6 = _t115 + 0x20; // 0x20
                                                                                                                                                              				_t102 = ( >  ? _t66 : _t77) + _t77;
                                                                                                                                                              				_t103 =  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77;
                                                                                                                                                              				if (( ==  ? _t66 : ( >  ? _t66 : _t77) + _t77) - _t77 < 0) goto 0x8ec790f2;
                                                                                                                                                              				_t7 = _t115 + 8; // 0x8
                                                                                                                                                              				r8d = _t7;
                                                                                                                                                              				E00007FF77FF78EC82890(_t6, _t77, _t111,  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77, _t111, _t115, _t120);
                                                                                                                                                              				_t24 = E00007FF77FF78EC7A2B8(_t66, _t111);
                                                                                                                                                              				if (_t66 != 0) goto 0x8ec7911a;
                                                                                                                                                              				_t104 = _t77 + 4;
                                                                                                                                                              				r8d = 8;
                                                                                                                                                              				E00007FF77FF78EC82890(_t24, _t77, _t111, _t104, _t111, _t115, _t120);
                                                                                                                                                              				_t129 = _t66;
                                                                                                                                                              				_t26 = E00007FF77FF78EC7A2B8(_t66, _t111);
                                                                                                                                                              				if (_t129 == 0) goto 0x8ec791e4;
                                                                                                                                                              				_t123 = _t129 + _t77 * 8;
                                                                                                                                                              				_t78 = _t129 + _t104 * 8;
                                                                                                                                                              				_t88 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
                                                                                                                                                              				_t64 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
                                                                                                                                                              				if (( >  ? _t115 : _t78 - _t123 + 7 >> 3) == 0) goto 0x8ec79156;
                                                                                                                                                              				memset(_t52, _t26, 0 << 0);
                                                                                                                                                              				_t126 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				r8d = 0x40;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				 *_t123 =  *(_t132[1]) ^ _t126;
                                                                                                                                                              				_t95 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				 *( *( *_t132)) = _t129 ^ _t95;
                                                                                                                                                              				_t96 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				( *( *_t132))[1] =  &(_t123[1]) ^ _t96;
                                                                                                                                                              				_t98 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				r8d = r8d - (_t51 & 0x0000003f);
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				( *( *_t132))[2] = _t78 ^ _t98;
                                                                                                                                                              				goto 0x8ec791e7;
                                                                                                                                                              				return 0xffffffff;
                                                                                                                                                              			}

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastPrivilegeRelease
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1334314998-0
                                                                                                                                                              • Opcode ID: 43b99864422a8676007e5736afaec170887928904427b2342eae56f92314234e
                                                                                                                                                              • Instruction ID: 56debbe2aa40a8734df920f431a0391d850867f527e902091c0e8c1486fdec16
                                                                                                                                                              • Opcode Fuzzy Hash: 43b99864422a8676007e5736afaec170887928904427b2342eae56f92314234e
                                                                                                                                                              • Instruction Fuzzy Hash: 9E41F822B14A5582EF44DFAAD914169B7A1FB48FC4B99A036EE0D97B58EF3CD152C300
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 16%
                                                                                                                                                              			E00007FF77FF78EC76444(intOrPtr __edi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                              				long long _v16;
                                                                                                                                                              				long long _v24;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				long long _v40;
                                                                                                                                                              				void* _t29;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				intOrPtr* _t61;
                                                                                                                                                              				intOrPtr* _t62;
                                                                                                                                                              				long long _t64;
                                                                                                                                                              				intOrPtr* _t84;
                                                                                                                                                              				long long _t91;
                                                                                                                                                              
                                                                                                                                                              				_t61 = _t84;
                                                                                                                                                              				 *((long long*)(_t61 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t61 + 0x10)) = __rbp;
                                                                                                                                                              				 *((long long*)(_t61 + 0x18)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t61 + 0x20)) = __rdi;
                                                                                                                                                              				r14d = 0;
                                                                                                                                                              				 *((long long*)(_t61 - 0x10)) = _t91;
                                                                                                                                                              				 *((long long*)(_t61 - 0x18)) = _t91;
                                                                                                                                                              				 *((intOrPtr*)(_t61 - 0x20)) = r14d;
                                                                                                                                                              				r9d = r9d | 0xffffffff;
                                                                                                                                                              				 *((long long*)(_t61 - 0x28)) = _t91;
                                                                                                                                                              				E00007FF77FF78EC7F4A4();
                                                                                                                                                              				if (_t29 != 0) goto 0x8ec7649d;
                                                                                                                                                              				_t30 = E00007FF77FF78EC75E08(_t61);
                                                                                                                                                              				 *_t61 = 0x2a;
                                                                                                                                                              				goto 0x8ec764d0;
                                                                                                                                                              				if (__rdx == 0) goto 0x8ec764d0;
                                                                                                                                                              				_v16 = _t91;
                                                                                                                                                              				r9d = r9d | 0xffffffff;
                                                                                                                                                              				_v24 = _t91;
                                                                                                                                                              				_v32 = r14d;
                                                                                                                                                              				_v40 = _t91;
                                                                                                                                                              				E00007FF77FF78EC7F4A4();
                                                                                                                                                              				if (_t30 == 0) goto 0x8ec7648d;
                                                                                                                                                              				E00007FF77FF78EC7E248(_t30, _t91 + _t30, __rdx);
                                                                                                                                                              				_t64 = _t61;
                                                                                                                                                              				if (_t61 != 0) goto 0x8ec764f3;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t61, _t91 + _t30);
                                                                                                                                                              				goto 0x8ec7657b;
                                                                                                                                                              				_v16 = _t91;
                                                                                                                                                              				r9d = r9d | 0xffffffff;
                                                                                                                                                              				_v24 = _t91;
                                                                                                                                                              				_v32 = __edi;
                                                                                                                                                              				_v40 = _t64;
                                                                                                                                                              				E00007FF77FF78EC7F4A4();
                                                                                                                                                              				if (0 != 0) goto 0x8ec7652d;
                                                                                                                                                              				_t34 = E00007FF77FF78EC75E08(_t61);
                                                                                                                                                              				 *_t61 = 0x2a;
                                                                                                                                                              				goto 0x8ec764e7;
                                                                                                                                                              				if (__rdx == 0) goto 0x8ec76563;
                                                                                                                                                              				_t62 = _t64 + _t64;
                                                                                                                                                              				_v16 = _t91;
                                                                                                                                                              				_v24 = _t91;
                                                                                                                                                              				_v32 = __edi;
                                                                                                                                                              				r9d = r9d | 0xffffffff;
                                                                                                                                                              				_v40 = _t62;
                                                                                                                                                              				 *((char*)(_t62 - 1)) = 0x3d;
                                                                                                                                                              				E00007FF77FF78EC7F4A4();
                                                                                                                                                              				if (_t34 == 0) goto 0x8ec7651d;
                                                                                                                                                              				0x8ec8065c(_t91);
                                                                                                                                                              				return E00007FF77FF78EC7A2B8(_t62, _t64) & 0xffffff00 | _t34 == 0x00000000;
                                                                                                                                                              			}
















                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 721ef34c1cb2f1d2d2f57db3ab94124e790f877d992efb5528ea47905badfff5
                                                                                                                                                              • Instruction ID: 0a3680220bb176631f2bdbfb4ba401072e7627b38c3ac77efa214c3388b1e9b7
                                                                                                                                                              • Opcode Fuzzy Hash: 721ef34c1cb2f1d2d2f57db3ab94124e790f877d992efb5528ea47905badfff5
                                                                                                                                                              • Instruction Fuzzy Hash: 53319432F1CB4242E764EF69E84112DA695BF84BA0FA44238EE5D53BA6DF3CD041C614
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00007FF77FF78EC88950(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              
                                                                                                                                                              				_t25 = __r8;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *0x8ecad3bc = r8d;
                                                                                                                                                              				_t1 = _t25 + 1; // 0x1
                                                                                                                                                              				r9d = _t1;
                                                                                                                                                              				asm("cpuid");
                                                                                                                                                              				_v16 = r9d;
                                                                                                                                                              				_v16 = 0;
                                                                                                                                                              				_v20 = __ebx;
                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                              				if (0 != 0x18001000) goto 0x8ec889b1;
                                                                                                                                                              				asm("xgetbv");
                                                                                                                                                              				_a8 = __rdx << 0x00000020 | __rax;
                                                                                                                                                              				r8d =  *0x8ecad3bc; // 0x1
                                                                                                                                                              				r8d =  ==  ? r9d : r8d;
                                                                                                                                                              				 *0x8ecad3bc = r8d;
                                                                                                                                                              				 *0x8ecad3c0 = r8d;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}








                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 685721b868abd79bb6039a7cb0fed6cfa8a4d2ca7c489b0716d2b85c066e7ea4
                                                                                                                                                              • Instruction ID: 197808445cfb6043f9176217988fa7a2686ead3f23c3d7c0c156f584e725ff6d
                                                                                                                                                              • Opcode Fuzzy Hash: 685721b868abd79bb6039a7cb0fed6cfa8a4d2ca7c489b0716d2b85c066e7ea4
                                                                                                                                                              • Instruction Fuzzy Hash: 79F068B2B192958ADBA49F69E402629BBE0F708384FD0843DD58D83B44D73C9050CF14
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 39a1a216b36ec4f1213f8b1959555be0810dbfbd84f05320a3a61314d1c7cd00
                                                                                                                                                              • Instruction ID: 03e6bb00f6d44a81a1771e1a0db9ee2bc0967b0363b10b1778eedb3fb73aa8f2
                                                                                                                                                              • Opcode Fuzzy Hash: 39a1a216b36ec4f1213f8b1959555be0810dbfbd84f05320a3a61314d1c7cd00
                                                                                                                                                              • Instruction Fuzzy Hash: EEA00235D0CC12D0E684AB80E971032A331FB94340BE05436E40D510B0DF3CE840C360
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 44%
                                                                                                                                                              			E00007FF77FF78EC62F00(void* __edx, long long __rax, struct HINSTANCE__* __rbx, void* __rcx, void* _a8) {
                                                                                                                                                              				void* _t20;
                                                                                                                                                              				void* _t21;
                                                                                                                                                              
                                                                                                                                                              				GetProcAddress(__rbx);
                                                                                                                                                              				 *0x8ec9dca8 = __rax;
                                                                                                                                                              				if (__rax != 0) goto 0x8ec62f4b;
                                                                                                                                                              				E00007FF77FF78EC61CB0("GetProcAddress", "Failed to get address for Py_DontWriteBytecodeFlag\n", _t20, _t21);
                                                                                                                                                              				return 0xffffffff;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62F16
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62F55
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62F7A
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62F9F
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62FC7
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62FEF
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC63017
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC6303F
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC63067
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressProc
                                                                                                                                                              • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to 
get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                              • API String ID: 190572456-3109299426
                                                                                                                                                              • Opcode ID: 6dac1c92e6f7fbc275b6c3ad7bc64d4d5fe1c3f7fabe1334cf705fcdd83ef4fe
                                                                                                                                                              • Instruction ID: d4fadd5457441769856bb77ccc97dc0262a33a176bb1dec9532fd24c45baa731
                                                                                                                                                              • Opcode Fuzzy Hash: 6dac1c92e6f7fbc275b6c3ad7bc64d4d5fe1c3f7fabe1334cf705fcdd83ef4fe
                                                                                                                                                              • Instruction Fuzzy Hash: 6442B164E0EB2791EA99BB88FA501B5E7A1BF45781FF45139C80E06369FF7CE504D220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • MultiByteToWideChar.KERNEL32 ref: 00007FF78EC66B8C
                                                                                                                                                                • Part of subcall function 00007FF78EC61CB0: GetLastError.KERNEL32(?,?,00000000,00007FF78EC66864,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC61CD7
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                                                                                                              • API String ID: 203985260-1562484376
                                                                                                                                                              • Opcode ID: d3752e6c6da69cae8543d0e88b7e3fb0dc0c42f63ccae895a26a5b2108bb0f55
                                                                                                                                                              • Instruction ID: 18df2c53439f9cded65a6741361074609534c9d1b5916798ddef9552dc0580c9
                                                                                                                                                              • Opcode Fuzzy Hash: d3752e6c6da69cae8543d0e88b7e3fb0dc0c42f63ccae895a26a5b2108bb0f55
                                                                                                                                                              • Instruction Fuzzy Hash: CF417E31F0CA52A1E610BBA5ED5047AE6A2FB947C0FB44539D96E47AA5EF3CE501C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                              			E00007FF77FF78EC612B0(long long* __rcx, void* __rdx) {
                                                                                                                                                              				void* _t2;
                                                                                                                                                              				long long _t8;
                                                                                                                                                              				void* _t15;
                                                                                                                                                              				void* _t16;
                                                                                                                                                              				void* _t17;
                                                                                                                                                              
                                                                                                                                                              				_t8 =  *((intOrPtr*)(__rcx));
                                                                                                                                                              				_t15 = __rdx;
                                                                                                                                                              				if (_t8 != 0) goto 0x8ec612f8;
                                                                                                                                                              				_t2 = E00007FF77FF78EC62DC0(_t8, __rcx + 0x78, "rb");
                                                                                                                                                              				 *__rcx = _t8;
                                                                                                                                                              				if (_t8 != 0) goto 0x8ec612f8;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t2, _t8, "Failed to extract %s: failed to open archive file!\n", _t15 + 0x12, _t16, _t17);
                                                                                                                                                              				return 0;
                                                                                                                                                              			}








                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                              • API String ID: 0-3659356012
                                                                                                                                                              • Opcode ID: a426df136810257ac94b105543e8abcd0de4423a6d90d61bf1243f5ca4c144eb
                                                                                                                                                              • Instruction ID: cf4dba1e9c3b9a394d00342bb5df9421f58c057ebb3c81cef11e89181c95f360
                                                                                                                                                              • Opcode Fuzzy Hash: a426df136810257ac94b105543e8abcd0de4423a6d90d61bf1243f5ca4c144eb
                                                                                                                                                              • Instruction Fuzzy Hash: B8416D22E0865285EE14FB96E5012BAE3A0FB447D5FE44436DE4D47B65EF3CE582C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                              			E00007FF77FF78EC79714(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, void* __r9, long long _a8, intOrPtr _a16, long long _a24) {
                                                                                                                                                              				void* _v64;
                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                              				intOrPtr _v72;
                                                                                                                                                              				intOrPtr _v76;
                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                              				intOrPtr _v88;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                              				intOrPtr _v112;
                                                                                                                                                              				intOrPtr _v116;
                                                                                                                                                              				intOrPtr _v120;
                                                                                                                                                              				intOrPtr _v124;
                                                                                                                                                              				intOrPtr _v128;
                                                                                                                                                              				intOrPtr _v132;
                                                                                                                                                              				intOrPtr _v136;
                                                                                                                                                              				intOrPtr _v140;
                                                                                                                                                              				intOrPtr _v144;
                                                                                                                                                              				intOrPtr _v148;
                                                                                                                                                              				intOrPtr _v152;
                                                                                                                                                              				long long _v160;
                                                                                                                                                              				long long _v168;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				void* _t156;
                                                                                                                                                              				void* _t186;
                                                                                                                                                              				signed short _t200;
                                                                                                                                                              				signed short _t201;
                                                                                                                                                              				signed int _t202;
                                                                                                                                                              				signed int _t251;
                                                                                                                                                              				signed int _t253;
                                                                                                                                                              				signed int _t255;
                                                                                                                                                              				signed int _t256;
                                                                                                                                                              				signed int _t259;
                                                                                                                                                              				signed int _t262;
                                                                                                                                                              				signed short* _t381;
                                                                                                                                                              				signed short* _t382;
                                                                                                                                                              				signed short* _t383;
                                                                                                                                                              				signed short* _t385;
                                                                                                                                                              				signed short** _t386;
                                                                                                                                                              				long long _t387;
                                                                                                                                                              				long long* _t390;
                                                                                                                                                              				signed short* _t391;
                                                                                                                                                              				long long* _t395;
                                                                                                                                                              				long long* _t396;
                                                                                                                                                              				long long* _t397;
                                                                                                                                                              				signed short** _t398;
                                                                                                                                                              				void* _t399;
                                                                                                                                                              				void* _t400;
                                                                                                                                                              				signed short* _t405;
                                                                                                                                                              				signed short* _t406;
                                                                                                                                                              				long long _t408;
                                                                                                                                                              				signed short* _t409;
                                                                                                                                                              				long long _t410;
                                                                                                                                                              				intOrPtr _t411;
                                                                                                                                                              
                                                                                                                                                              				_t404 = __r8;
                                                                                                                                                              				_t395 = __rdx;
                                                                                                                                                              				_t387 = __rbx;
                                                                                                                                                              				_a24 = __rbx;
                                                                                                                                                              				_a8 = __rcx;
                                                                                                                                                              				_t408 =  *((intOrPtr*)(__rdx));
                                                                                                                                                              				r13d = 0;
                                                                                                                                                              				_t256 = r9b & 0xffffffff;
                                                                                                                                                              				r14d = r8d;
                                                                                                                                                              				_v64 = _t408;
                                                                                                                                                              				_t398 = __rdx;
                                                                                                                                                              				if (_t408 != 0) goto 0x8ec7975f;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec79791;
                                                                                                                                                              				if (r14d == 0) goto 0x8ec797a9;
                                                                                                                                                              				_t4 = _t404 - 2; // -2
                                                                                                                                                              				if (_t4 - 0x22 <= 0) goto 0x8ec797a9;
                                                                                                                                                              				_v160 = __rcx;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				 *((char*)(__rcx + 0x30)) = 1;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *(__rcx + 0x2c) = 0x16;
                                                                                                                                                              				_v168 = _t410;
                                                                                                                                                              				E00007FF77FF78EC7A180(__rax, __rbx, __rcx, __rdx, _t399, _t400, __r8);
                                                                                                                                                              				_t390 = _t398[1];
                                                                                                                                                              				if (_t390 == 0) goto 0x8ec79df5;
                                                                                                                                                              				 *_t390 =  *_t398;
                                                                                                                                                              				goto 0x8ec79df5;
                                                                                                                                                              				_t10 = _t408 + 2; // 0x2
                                                                                                                                                              				 *_t395 = _t10;
                                                                                                                                                              				_t261 = r13d;
                                                                                                                                                              				if ( *((intOrPtr*)(_t390 + 0x28)) != r13b) goto 0x8ec797d3;
                                                                                                                                                              				E00007FF77FF78EC735D0(_t10, _t387, _t390, _t399);
                                                                                                                                                              				goto 0x8ec797d3;
                                                                                                                                                              				_t379 =  *_t398;
                                                                                                                                                              				 *_t398 =  &(( *_t398)[1]);
                                                                                                                                                              				if (E00007FF77FF78EC77E88( *_t379 & 0xffff, 8, _t387, _t390) != 0) goto 0x8ec797c6;
                                                                                                                                                              				_t258 =  !=  ? _t256 : _t256 | 0x00000002;
                                                                                                                                                              				_t12 = _t387 - 0x2b; // -43
                                                                                                                                                              				if ((0x0000fffd & _t12) != 0) goto 0x8ec7980a;
                                                                                                                                                              				_t381 =  *_t398;
                                                                                                                                                              				_t200 =  *_t381 & 0x0000ffff;
                                                                                                                                                              				_t382 =  &(_t381[1]);
                                                                                                                                                              				 *_t398 = _t382;
                                                                                                                                                              				_a16 = 0xa70;
                                                                                                                                                              				_v152 = 0xae6;
                                                                                                                                                              				_v148 = 0xaf0;
                                                                                                                                                              				_v144 = 0xb66;
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				_v140 = 0xb70;
                                                                                                                                                              				_t20 = _t382 - 0x80; // 0x5e0
                                                                                                                                                              				r9d = _t20;
                                                                                                                                                              				_v136 = 0xc66;
                                                                                                                                                              				r10d = 0x6f0;
                                                                                                                                                              				_v132 = 0xc70;
                                                                                                                                                              				r11d = 0x966;
                                                                                                                                                              				_v128 = 0xce6;
                                                                                                                                                              				_v124 = 0xcf0;
                                                                                                                                                              				_v120 = 0xd66;
                                                                                                                                                              				_v116 = 0xd70;
                                                                                                                                                              				_v112 = 0xe50;
                                                                                                                                                              				_v108 = 0xe5a;
                                                                                                                                                              				_v104 = 0xed0;
                                                                                                                                                              				_v100 = 0xeda;
                                                                                                                                                              				_v96 = 0xf20;
                                                                                                                                                              				_v92 = 0xf2a;
                                                                                                                                                              				_v88 = 0x1040;
                                                                                                                                                              				_v84 = 0x104a;
                                                                                                                                                              				_v80 = 0x17e0;
                                                                                                                                                              				_v76 = 0x17ea;
                                                                                                                                                              				_v72 = 0x1810;
                                                                                                                                                              				_v68 = 0xff1a;
                                                                                                                                                              				if ((r14d & 0xffffffef) != 0) goto 0x8ec79b78;
                                                                                                                                                              				if (_t200 - 0x30 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - 0x3a >= 0) goto 0x8ec79916;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - 0xff10 >= 0) goto 0x8ec79ab3;
                                                                                                                                                              				if (_t200 - r8w < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - 0x66a >= 0) goto 0x8ec7993e;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - r10w < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - 0x6fa >= 0) goto 0x8ec7995d;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - r11w < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - 0x970 >= 0) goto 0x8ec7997c;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - r9w < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - 0x9f0 >= 0) goto 0x8ec7999b;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - (_t200 & 0x0000ffff) - r9d < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _a16 >= 0) goto 0x8ec799bb;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - _v152 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _v148 < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 - _v144 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _v140 < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 - _v136 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _v132 < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 - _v128 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _v124 < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 - _v120 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _v116 < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 - _v112 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _v108 < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 - _v104 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _v100 < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 - _v96 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _v92 < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 - _v88 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _v84 < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 - _v80 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - _v76 < 0) goto 0x8ec7990c;
                                                                                                                                                              				if ((_t200 & 0x0000ffff) - _v72 - 9 > 0) goto 0x8ec79ac7;
                                                                                                                                                              				goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 - _v68 >= 0) goto 0x8ec79ac7;
                                                                                                                                                              				if ((_t200 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0x8ec79ae9;
                                                                                                                                                              				_t64 = _t390 - 0x41; // -17
                                                                                                                                                              				_t65 = _t390 - 0x61; // -49
                                                                                                                                                              				_t156 = _t65;
                                                                                                                                                              				if (_t64 - 0x19 <= 0) goto 0x8ec79ade;
                                                                                                                                                              				if (_t156 - 0x19 > 0) goto 0x8ec79b69;
                                                                                                                                                              				if (_t156 - 0x19 > 0) goto 0x8ec79ae6;
                                                                                                                                                              				_t66 = _t390 - 0x37; // -231
                                                                                                                                                              				if (_t66 != 0) goto 0x8ec79b69;
                                                                                                                                                              				_t391 =  *_t398;
                                                                                                                                                              				r9d = 0xffdf;
                                                                                                                                                              				_t251 =  *_t391 & 0x0000ffff;
                                                                                                                                                              				_t67 =  &(_t391[1]); // 0xffe1
                                                                                                                                                              				_t405 = _t67;
                                                                                                                                                              				 *_t398 = _t405;
                                                                                                                                                              				_t68 = _t395 - 0x58; // 0x698
                                                                                                                                                              				if ((r9w & _t68) == 0) goto 0x8ec79b51;
                                                                                                                                                              				 *_t398 = _t391;
                                                                                                                                                              				_t160 =  !=  ? r14d : 8;
                                                                                                                                                              				r14d =  !=  ? r14d : 8;
                                                                                                                                                              				if (_t251 == 0) goto 0x8ec79b49;
                                                                                                                                                              				if ( *_t391 == _t251) goto 0x8ec79b49;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t382);
                                                                                                                                                              				 *_t382 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				r10d = 0x6f0;
                                                                                                                                                              				r11d = 0x966;
                                                                                                                                                              				goto 0x8ec79b78;
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				goto 0x8ec79b78;
                                                                                                                                                              				_t201 =  *_t405 & 0x0000ffff;
                                                                                                                                                              				_t71 =  &(_t405[1]); // 0xffe3
                                                                                                                                                              				_t383 = _t71;
                                                                                                                                                              				 *_t398 = _t383;
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				goto 0x8ec79b6e;
                                                                                                                                                              				_t165 =  !=  ? r14d : 0xa;
                                                                                                                                                              				r14d = 0xa;
                                                                                                                                                              				_t166 = ( !=  ? r14d : 0xa) | 0xffffffff;
                                                                                                                                                              				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
                                                                                                                                                              				_t253 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
                                                                                                                                                              				r12d = 0x30;
                                                                                                                                                              				r15d = 0xff10;
                                                                                                                                                              				r9d = 0xa / r14d;
                                                                                                                                                              				if (_t201 - r12w < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - 0x3a >= 0) goto 0x8ec79baa;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - r15w >= 0) goto 0x8ec79d33;
                                                                                                                                                              				if (_t201 - r8w < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - 0x66a >= 0) goto 0x8ec79bd3;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - r10w < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - 0x6fa >= 0) goto 0x8ec79bf2;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - r11w < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - 0x970 >= 0) goto 0x8ec79c11;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - 0x9e6 < 0) goto 0x8ec79d48;
                                                                                                                                                              				_t76 =  &(_t383[5]); // 0x9f0
                                                                                                                                                              				if (_t201 - _t76 >= 0) goto 0x8ec79c31;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - 0xa66 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _a16 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 - _v152 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _v148 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 - _v144 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _v140 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 - _v136 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _v132 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 - _v128 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _v124 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 - _v120 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _v116 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 - _v112 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _v108 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 - _v104 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _v100 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 - _v96 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _v92 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 - _v88 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _v84 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 - _v80 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - _v76 < 0) goto 0x8ec79c27;
                                                                                                                                                              				if ((_t201 & 0x0000ffff) - _v72 - 9 > 0) goto 0x8ec79d48;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - _v68 >= 0) goto 0x8ec79d48;
                                                                                                                                                              				if ((_t201 & 0x0000ffff) - r15d != 0xffffffff) goto 0x8ec79d6b;
                                                                                                                                                              				_t100 = _t391 - 0x41; // -65
                                                                                                                                                              				_t101 = _t391 - 0x61; // -97
                                                                                                                                                              				_t186 = _t101;
                                                                                                                                                              				if (_t100 - 0x19 <= 0) goto 0x8ec79d5b;
                                                                                                                                                              				if (_t186 - 0x19 > 0) goto 0x8ec79d68;
                                                                                                                                                              				if (_t186 - 0x19 > 0) goto 0x8ec79d63;
                                                                                                                                                              				goto 0x8ec79d6b;
                                                                                                                                                              				_t406 =  *_t398;
                                                                                                                                                              				if (((_t201 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0x8ec79daf;
                                                                                                                                                              				_t202 =  *_t406 & 0x0000ffff;
                                                                                                                                                              				_t255 = _t383 + _t391;
                                                                                                                                                              				_t262 = _t255;
                                                                                                                                                              				_t107 =  &(_t406[1]); // 0x2
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				 *_t398 = _t107;
                                                                                                                                                              				_t259 = ( !=  ? _t256 : _t256 | 0x00000002) | (r13d & 0xffffff00 | _t255 - r13d * r14d > 0x00000000 | r13d & 0xffffff00 | _t261 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
                                                                                                                                                              				goto 0x8ec79b8f;
                                                                                                                                                              				_t411 = _a8;
                                                                                                                                                              				_t109 = _t406 - 2; // -2
                                                                                                                                                              				_t385 = _t109;
                                                                                                                                                              				_t409 = _v64;
                                                                                                                                                              				 *_t398 = _t385;
                                                                                                                                                              				if (_t202 == 0) goto 0x8ec79de0;
                                                                                                                                                              				if ( *_t385 == _t202) goto 0x8ec79de0;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t385);
                                                                                                                                                              				 *_t385 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				if ((sil & 0x00000008) != 0) goto 0x8ec79dfc;
                                                                                                                                                              				_t386 = _t398[1];
                                                                                                                                                              				 *_t398 = _t409;
                                                                                                                                                              				if (_t386 == 0) goto 0x8ec79df5;
                                                                                                                                                              				 *_t386 = _t409;
                                                                                                                                                              				goto 0x8ec79e80;
                                                                                                                                                              				r8d = 0x80000000;
                                                                                                                                                              				_t114 = _t406 - 1; // -1
                                                                                                                                                              				r9d = _t114;
                                                                                                                                                              				if ((sil & 0x00000004) != 0) goto 0x8ec79e24;
                                                                                                                                                              				if ((sil & 0x00000001) == 0) goto 0x8ec79e67;
                                                                                                                                                              				if ((sil & 0x00000002) == 0) goto 0x8ec79e1f;
                                                                                                                                                              				if (_t262 - r8d <= 0) goto 0x8ec79e6d;
                                                                                                                                                              				goto 0x8ec79e24;
                                                                                                                                                              				if (_t262 - r9d <= 0) goto 0x8ec79e6f;
                                                                                                                                                              				 *((char*)(_t411 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t411 + 0x2c)) = 0x22;
                                                                                                                                                              				if ((_t259 & 0x00000001) != 0) goto 0x8ec79e3f;
                                                                                                                                                              				goto 0x8ec79e6f;
                                                                                                                                                              				_t396 = _t398[1];
                                                                                                                                                              				if ((_t259 & 0x00000002) == 0) goto 0x8ec79e57;
                                                                                                                                                              				if (_t396 == 0) goto 0x8ec79e52;
                                                                                                                                                              				 *_t396 =  *_t398;
                                                                                                                                                              				goto 0x8ec79e80;
                                                                                                                                                              				if (_t396 == 0) goto 0x8ec79e62;
                                                                                                                                                              				 *_t396 =  *_t398;
                                                                                                                                                              				goto 0x8ec79e80;
                                                                                                                                                              				if ((sil & 0x00000002) == 0) goto 0x8ec79e6f;
                                                                                                                                                              				_t397 = _t398[1];
                                                                                                                                                              				if (_t397 == 0) goto 0x8ec79e7e;
                                                                                                                                                              				 *_t397 =  *_t398;
                                                                                                                                                              				return  ~(_t262 | 0xffffffff);
                                                                                                                                                              			}

                                                                                                                                                              0x7ff78ec79cd0
                                                                                                                                                              0x7ff78ec79cd7
                                                                                                                                                              0x7ff78ec79ce4
                                                                                                                                                              0x7ff78ec79ceb
                                                                                                                                                              0x7ff78ec79cf8
                                                                                                                                                              0x7ff78ec79cff
                                                                                                                                                              0x7ff78ec79d0c
                                                                                                                                                              0x7ff78ec79d13
                                                                                                                                                              0x7ff78ec79d2a
                                                                                                                                                              0x7ff78ec79d31
                                                                                                                                                              0x7ff78ec79d3b
                                                                                                                                                              0x7ff78ec79d46
                                                                                                                                                              0x7ff78ec79d4b
                                                                                                                                                              0x7ff78ec79d51
                                                                                                                                                              0x7ff78ec79d51
                                                                                                                                                              0x7ff78ec79d54
                                                                                                                                                              0x7ff78ec79d59
                                                                                                                                                              0x7ff78ec79d5e
                                                                                                                                                              0x7ff78ec79d66
                                                                                                                                                              0x7ff78ec79d6b
                                                                                                                                                              0x7ff78ec79d71
                                                                                                                                                              0x7ff78ec79d73
                                                                                                                                                              0x7ff78ec79d7d
                                                                                                                                                              0x7ff78ec79d8e
                                                                                                                                                              0x7ff78ec79d95
                                                                                                                                                              0x7ff78ec79d9c
                                                                                                                                                              0x7ff78ec79da5
                                                                                                                                                              0x7ff78ec79da8
                                                                                                                                                              0x7ff78ec79daa
                                                                                                                                                              0x7ff78ec79daf
                                                                                                                                                              0x7ff78ec79db7
                                                                                                                                                              0x7ff78ec79db7
                                                                                                                                                              0x7ff78ec79dbb
                                                                                                                                                              0x7ff78ec79dc3
                                                                                                                                                              0x7ff78ec79dc9
                                                                                                                                                              0x7ff78ec79dce
                                                                                                                                                              0x7ff78ec79dd0
                                                                                                                                                              0x7ff78ec79dd5
                                                                                                                                                              0x7ff78ec79ddb
                                                                                                                                                              0x7ff78ec79de4
                                                                                                                                                              0x7ff78ec79de6
                                                                                                                                                              0x7ff78ec79dea
                                                                                                                                                              0x7ff78ec79df0
                                                                                                                                                              0x7ff78ec79df2
                                                                                                                                                              0x7ff78ec79df7
                                                                                                                                                              0x7ff78ec79dfc
                                                                                                                                                              0x7ff78ec79e02
                                                                                                                                                              0x7ff78ec79e02
                                                                                                                                                              0x7ff78ec79e0a
                                                                                                                                                              0x7ff78ec79e10
                                                                                                                                                              0x7ff78ec79e16
                                                                                                                                                              0x7ff78ec79e1b
                                                                                                                                                              0x7ff78ec79e1d
                                                                                                                                                              0x7ff78ec79e22
                                                                                                                                                              0x7ff78ec79e26
                                                                                                                                                              0x7ff78ec79e2e
                                                                                                                                                              0x7ff78ec79e38
                                                                                                                                                              0x7ff78ec79e3d
                                                                                                                                                              0x7ff78ec79e3f
                                                                                                                                                              0x7ff78ec79e45
                                                                                                                                                              0x7ff78ec79e4a
                                                                                                                                                              0x7ff78ec79e4f
                                                                                                                                                              0x7ff78ec79e55
                                                                                                                                                              0x7ff78ec79e5a
                                                                                                                                                              0x7ff78ec79e5f
                                                                                                                                                              0x7ff78ec79e65
                                                                                                                                                              0x7ff78ec79e6b
                                                                                                                                                              0x7ff78ec79e6f
                                                                                                                                                              0x7ff78ec79e76
                                                                                                                                                              0x7ff78ec79e7b
                                                                                                                                                              0x7ff78ec79e9a

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: 0$f$p$p
                                                                                                                                                              • API String ID: 3215553584-1202675169
                                                                                                                                                              • Opcode ID: be5fa115a8b52a4824b37adbae4d10183e050eaabf8b896c07a19f058a599ef8
                                                                                                                                                              • Instruction ID: 5181efecd6302c03c9b5ccf0879e85ceb472aef5fa44b37db31e244985936d18
                                                                                                                                                              • Opcode Fuzzy Hash: be5fa115a8b52a4824b37adbae4d10183e050eaabf8b896c07a19f058a599ef8
                                                                                                                                                              • Instruction Fuzzy Hash: BF12A331E0D14386FBA07A9DD8446BAF691FB90B94FE94131E6994B6C4DF3CE990C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 66%
                                                                                                                                                              			E00007FF77FF78EC6CEC0(intOrPtr __ecx, void* __edx, void* __esi, intOrPtr* __rcx, long long __rdx, long long __r8, long long __r9, void* __r10) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				signed int* _t128;
                                                                                                                                                              				void* _t145;
                                                                                                                                                              				intOrPtr _t146;
                                                                                                                                                              				intOrPtr _t154;
                                                                                                                                                              				void* _t173;
                                                                                                                                                              				intOrPtr _t176;
                                                                                                                                                              				signed int _t177;
                                                                                                                                                              				signed int _t178;
                                                                                                                                                              				void* _t209;
                                                                                                                                                              				signed long long _t219;
                                                                                                                                                              				signed long long _t220;
                                                                                                                                                              				signed long long _t226;
                                                                                                                                                              				long long _t228;
                                                                                                                                                              				signed int _t235;
                                                                                                                                                              				intOrPtr* _t236;
                                                                                                                                                              				intOrPtr* _t237;
                                                                                                                                                              				signed long long _t246;
                                                                                                                                                              				long long _t267;
                                                                                                                                                              				signed int* _t280;
                                                                                                                                                              				long long _t281;
                                                                                                                                                              				void* _t282;
                                                                                                                                                              				void* _t283;
                                                                                                                                                              				signed long long _t284;
                                                                                                                                                              				long long _t296;
                                                                                                                                                              				signed int _t307;
                                                                                                                                                              				unsigned long long _t313;
                                                                                                                                                              
                                                                                                                                                              				_t180 = __esi;
                                                                                                                                                              				_t282 = _t283 - 0x28;
                                                                                                                                                              				_t284 = _t283 - 0x128;
                                                                                                                                                              				_t219 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t220 = _t219 ^ _t284;
                                                                                                                                                              				 *(_t282 + 0x10) = _t220;
                                                                                                                                                              				_t280 =  *((intOrPtr*)(_t282 + 0x90));
                                                                                                                                                              				_t307 =  *((intOrPtr*)(_t282 + 0xa8));
                                                                                                                                                              				 *((long long*)(_t284 + 0x68)) = __r8;
                                                                                                                                                              				_t236 = __rcx;
                                                                                                                                                              				 *((long long*)(_t284 + 0x78)) = __rdx;
                                                                                                                                                              				 *(_t282 - 0x68) = _t307;
                                                                                                                                                              				 *((char*)(_t284 + 0x60)) = 0;
                                                                                                                                                              				_t281 = __r9;
                                                                                                                                                              				_t128 = E00007FF77FF78EC6DE20(__ecx, __esi, __rcx, __rdx, __r9, __r9, _t282, _t280, __r9);
                                                                                                                                                              				r14d = _t128;
                                                                                                                                                              				if (_t128 - 0xffffffff < 0) goto 0x8ec6d38f;
                                                                                                                                                              				if (_t128 - _t280[1] >= 0) goto 0x8ec6d38f;
                                                                                                                                                              				if ( *_t236 != 0xe06d7363) goto 0x8ec6d00c;
                                                                                                                                                              				if ( *((intOrPtr*)(_t236 + 0x18)) != 4) goto 0x8ec6d00c;
                                                                                                                                                              				if ( *((intOrPtr*)(_t236 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8ec6d00c;
                                                                                                                                                              				if ( *((long long*)(_t236 + 0x30)) != 0) goto 0x8ec6d00c;
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t220);
                                                                                                                                                              				if ( *((long long*)(_t220 + 0x20)) == 0) goto 0x8ec6d328;
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t220);
                                                                                                                                                              				_t237 =  *((intOrPtr*)(_t220 + 0x20));
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t220);
                                                                                                                                                              				 *((char*)(_t284 + 0x60)) = 1;
                                                                                                                                                              				 *((long long*)(_t284 + 0x68)) =  *((intOrPtr*)(_t220 + 0x28));
                                                                                                                                                              				E00007FF77FF78EC6C980(_t220,  *((intOrPtr*)(_t237 + 0x38)));
                                                                                                                                                              				if ( *_t237 != 0xe06d7363) goto 0x8ec6cfc4;
                                                                                                                                                              				if ( *((intOrPtr*)(_t237 + 0x18)) != 4) goto 0x8ec6cfc4;
                                                                                                                                                              				if ( *((intOrPtr*)(_t237 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8ec6cfc4;
                                                                                                                                                              				if ( *((long long*)(_t237 + 0x30)) == 0) goto 0x8ec6d38f;
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t220);
                                                                                                                                                              				if ( *(_t220 + 0x38) == 0) goto 0x8ec6d00c;
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t220);
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t220);
                                                                                                                                                              				 *(_t220 + 0x38) =  *(_t220 + 0x38) & 0x00000000;
                                                                                                                                                              				if (E00007FF77FF78EC6DEB8(_t220, _t237, _t237,  *(_t220 + 0x38), __r9) != 0) goto 0x8ec6d007;
                                                                                                                                                              				if (E00007FF77FF78EC6DFA8(_t220, _t237,  *(_t220 + 0x38), __r9, _t282) == 0) goto 0x8ec6d36c;
                                                                                                                                                              				goto 0x8ec6d348;
                                                                                                                                                              				 *((long long*)(_t282 - 0x40)) =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                              				 *(_t282 - 0x48) = _t280;
                                                                                                                                                              				if ( *_t237 != 0xe06d7363) goto 0x8ec6d2df;
                                                                                                                                                              				if ( *((intOrPtr*)(_t237 + 0x18)) != 4) goto 0x8ec6d2df;
                                                                                                                                                              				if ( *((intOrPtr*)(_t237 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8ec6d2df;
                                                                                                                                                              				r15d = 0;
                                                                                                                                                              				if (_t280[3] - r15d <= 0) goto 0x8ec6d210;
                                                                                                                                                              				 *(_t284 + 0x28) =  *(_t282 + 0xa0);
                                                                                                                                                              				 *(_t284 + 0x20) = _t280;
                                                                                                                                                              				r8d = r14d;
                                                                                                                                                              				_t145 = E00007FF77FF78EC6C66C(_t237, _t282 - 0x28, _t282 - 0x48, __r9, _t282, _t280, __r9, __r10);
                                                                                                                                                              				asm("movups xmm0, [ebp-0x28]");
                                                                                                                                                              				asm("movdqu [ebp-0x38], xmm0");
                                                                                                                                                              				asm("psrldq xmm0, 0x8");
                                                                                                                                                              				asm("movd eax, xmm0");
                                                                                                                                                              				if (_t145 -  *((intOrPtr*)(_t282 - 0x10)) >= 0) goto 0x8ec6d210;
                                                                                                                                                              				_t296 =  *((intOrPtr*)(_t282 - 0x28));
                                                                                                                                                              				r13d =  *((intOrPtr*)(_t282 - 0x30));
                                                                                                                                                              				 *((long long*)(_t282 - 0x80)) = _t296;
                                                                                                                                                              				_t146 = r13d;
                                                                                                                                                              				asm("inc ecx");
                                                                                                                                                              				 *((intOrPtr*)(_t282 - 0x50)) = __ecx;
                                                                                                                                                              				asm("movd eax, xmm0");
                                                                                                                                                              				asm("movups [ebp-0x60], xmm0");
                                                                                                                                                              				if (_t146 - r14d > 0) goto 0x8ec6d203;
                                                                                                                                                              				_t226 =  *(_t282 - 0x60) >> 0x20;
                                                                                                                                                              				if (r14d - _t146 > 0) goto 0x8ec6d203;
                                                                                                                                                              				r12d = r15d;
                                                                                                                                                              				_t267 =  *((intOrPtr*)( *((intOrPtr*)( *( *(_t282 - 0x38)) + 0x10)) + ( *( *(_t282 - 0x38)) +  *( *(_t282 - 0x38)) * 4) * 4 +  *((intOrPtr*)(_t296 + 8)) + 0x10)) +  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                              				_t313 =  *(_t282 - 0x58) >> 0x20;
                                                                                                                                                              				 *((long long*)(_t282 - 0x70)) = _t267;
                                                                                                                                                              				if (r15d == 0) goto 0x8ec6d1f0;
                                                                                                                                                              				_t246 = _t226 + _t226 * 4;
                                                                                                                                                              				asm("movups xmm0, [edx+ecx*4]");
                                                                                                                                                              				asm("movups [ebp-0x8], xmm0");
                                                                                                                                                              				_t59 = _t246 * 4; // 0x48ccccc35f40c483
                                                                                                                                                              				 *((intOrPtr*)(_t282 + 8)) =  *((intOrPtr*)(_t267 + _t59 + 0x10));
                                                                                                                                                              				E00007FF77FF78EC6C954(_t226);
                                                                                                                                                              				_t228 = _t226 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x30)) + 0xc));
                                                                                                                                                              				 *((long long*)(_t284 + 0x70)) = _t228;
                                                                                                                                                              				E00007FF77FF78EC6C954(_t228);
                                                                                                                                                              				_t176 =  *((intOrPtr*)(_t228 +  *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x30)) + 0xc))));
                                                                                                                                                              				 *((intOrPtr*)(_t284 + 0x64)) = _t176;
                                                                                                                                                              				if (_t176 <= 0) goto 0x8ec6d180;
                                                                                                                                                              				E00007FF77FF78EC6C954(_t228);
                                                                                                                                                              				 *((long long*)(_t282 - 0x78)) = _t228 +  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x70))));
                                                                                                                                                              				if (E00007FF77FF78EC6D5B4(_t180, _t237, _t282 - 8, _t228 +  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x70)))), _t280, __r9,  *((intOrPtr*)(_t237 + 0x30))) != 0) goto 0x8ec6d191;
                                                                                                                                                              				 *((long long*)(_t284 + 0x70)) =  *((long long*)(_t284 + 0x70)) + 4;
                                                                                                                                                              				_t154 =  *((intOrPtr*)(_t284 + 0x64)) - 1;
                                                                                                                                                              				 *((intOrPtr*)(_t284 + 0x64)) = _t154;
                                                                                                                                                              				if (_t154 > 0) goto 0x8ec6d144;
                                                                                                                                                              				r12d = r12d + 1;
                                                                                                                                                              				if (r12d == r15d) goto 0x8ec6d1f7;
                                                                                                                                                              				goto 0x8ec6d0fd;
                                                                                                                                                              				 *((char*)(_t284 + 0x58)) =  *((intOrPtr*)(_t282 + 0x98));
                                                                                                                                                              				 *(_t284 + 0x50) =  *((intOrPtr*)(_t284 + 0x60));
                                                                                                                                                              				 *((long long*)(_t284 + 0x48)) =  *(_t282 - 0x68);
                                                                                                                                                              				 *(_t284 + 0x40) =  *(_t282 + 0xa0);
                                                                                                                                                              				 *(_t284 + 0x38) = _t282 - 0x60;
                                                                                                                                                              				 *(_t284 + 0x30) =  *((intOrPtr*)(_t282 - 0x78));
                                                                                                                                                              				 *(_t284 + 0x28) = _t282 - 8;
                                                                                                                                                              				 *(_t284 + 0x20) = _t280;
                                                                                                                                                              				E00007FF77FF78EC6CDEC(_t180, _t237, _t237,  *((intOrPtr*)(_t284 + 0x78)),  *((intOrPtr*)(_t284 + 0x68)), _t281);
                                                                                                                                                              				goto 0x8ec6d1fc;
                                                                                                                                                              				goto 0x8ec6d200;
                                                                                                                                                              				r15d = 0;
                                                                                                                                                              				r13d = r13d + 1;
                                                                                                                                                              				if (r13d -  *((intOrPtr*)(_t282 - 0x10)) < 0) goto 0x8ec6d095;
                                                                                                                                                              				if (( *_t280 & 0x1fffffff) - 0x19930521 < 0) goto 0x8ec6d31c;
                                                                                                                                                              				_t209 = _t280[8] - r15d;
                                                                                                                                                              				if (_t209 == 0) goto 0x8ec6d236;
                                                                                                                                                              				E00007FF77FF78EC6C940(_t282 - 8);
                                                                                                                                                              				if (_t209 != 0) goto 0x8ec6d257;
                                                                                                                                                              				if ((_t280[9] >> 0x00000002 & 0x00000001) == 0) goto 0x8ec6d31c;
                                                                                                                                                              				if (E00007FF77FF78EC6C510(_t280[9] >> 0x00000002 & 0x00000001, _t282 - 8 + _t280[8], _t281, _t280) != 0) goto 0x8ec6d31c;
                                                                                                                                                              				if ((_t280[9] >> 0x00000002 & 0x00000001) != 0) goto 0x8ec6d372;
                                                                                                                                                              				if (_t280[8] == r15d) goto 0x8ec6d27c;
                                                                                                                                                              				E00007FF77FF78EC6C940(_t282 - 8 + _t280[8]);
                                                                                                                                                              				_t235 = _t280[8];
                                                                                                                                                              				goto 0x8ec6d27f;
                                                                                                                                                              				if (E00007FF77FF78EC6DEB8(_t235, _t237, _t237, _t313, _t281) != 0) goto 0x8ec6d31c;
                                                                                                                                                              				E00007FF77FF78EC6C5A0(_t237,  *((intOrPtr*)(_t284 + 0x78)), _t281, _t282, _t280, _t282 - 0x78);
                                                                                                                                                              				_t177 =  *((intOrPtr*)(_t282 + 0x98));
                                                                                                                                                              				 *(_t284 + 0x50) = _t177;
                                                                                                                                                              				_t178 = _t177 | 0xffffffff;
                                                                                                                                                              				 *((long long*)(_t284 + 0x48)) = _t281;
                                                                                                                                                              				 *(_t284 + 0x40) = _t313;
                                                                                                                                                              				 *(_t284 + 0x38) = _t178;
                                                                                                                                                              				 *(_t284 + 0x30) = _t178;
                                                                                                                                                              				 *(_t284 + 0x28) = _t280;
                                                                                                                                                              				 *(_t284 + 0x20) = _t313;
                                                                                                                                                              				E00007FF77FF78EC6C7AC( *((intOrPtr*)(_t284 + 0x78)), _t237,  *((intOrPtr*)(_t284 + 0x68)), _t235);
                                                                                                                                                              				goto 0x8ec6d31c;
                                                                                                                                                              				if (_t280[3] <= 0) goto 0x8ec6d31c;
                                                                                                                                                              				if ( *((char*)(_t282 + 0x98)) != 0) goto 0x8ec6d38f;
                                                                                                                                                              				 *(_t284 + 0x38) = _t307;
                                                                                                                                                              				 *(_t284 + 0x30) =  *(_t282 + 0xa0);
                                                                                                                                                              				 *(_t284 + 0x28) = r14d;
                                                                                                                                                              				 *(_t284 + 0x20) = _t280;
                                                                                                                                                              				E00007FF77FF78EC6D398(_t237, _t237,  *((intOrPtr*)(_t284 + 0x78)), _t313, _t281);
                                                                                                                                                              				_t173 = E00007FF77FF78EC6BFB0(_t235);
                                                                                                                                                              				if ( *((long long*)(_t235 + 0x38)) != 0) goto 0x8ec6d38f;
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t173, _t178,  *(_t282 + 0x10) ^ _t284);
                                                                                                                                                              			}
                                                                                                                                                              0x7ff78ec6d0c0
                                                                                                                                                              0x7ff78ec6d0c7
                                                                                                                                                              0x7ff78ec6d0d1
                                                                                                                                                              0x7ff78ec6d0d8
                                                                                                                                                              0x7ff78ec6d0de
                                                                                                                                                              0x7ff78ec6d0e4
                                                                                                                                                              0x7ff78ec6d0ec
                                                                                                                                                              0x7ff78ec6d0f0
                                                                                                                                                              0x7ff78ec6d0f7
                                                                                                                                                              0x7ff78ec6d100
                                                                                                                                                              0x7ff78ec6d104
                                                                                                                                                              0x7ff78ec6d108
                                                                                                                                                              0x7ff78ec6d10c
                                                                                                                                                              0x7ff78ec6d110
                                                                                                                                                              0x7ff78ec6d113
                                                                                                                                                              0x7ff78ec6d124
                                                                                                                                                              0x7ff78ec6d127
                                                                                                                                                              0x7ff78ec6d12c
                                                                                                                                                              0x7ff78ec6d139
                                                                                                                                                              0x7ff78ec6d13c
                                                                                                                                                              0x7ff78ec6d142
                                                                                                                                                              0x7ff78ec6d144
                                                                                                                                                              0x7ff78ec6d15f
                                                                                                                                                              0x7ff78ec6d16a
                                                                                                                                                              0x7ff78ec6d170
                                                                                                                                                              0x7ff78ec6d176
                                                                                                                                                              0x7ff78ec6d178
                                                                                                                                                              0x7ff78ec6d17e
                                                                                                                                                              0x7ff78ec6d180
                                                                                                                                                              0x7ff78ec6d186
                                                                                                                                                              0x7ff78ec6d18c
                                                                                                                                                              0x7ff78ec6d1aa
                                                                                                                                                              0x7ff78ec6d1b2
                                                                                                                                                              0x7ff78ec6d1ba
                                                                                                                                                              0x7ff78ec6d1c5
                                                                                                                                                              0x7ff78ec6d1cd
                                                                                                                                                              0x7ff78ec6d1d6
                                                                                                                                                              0x7ff78ec6d1df
                                                                                                                                                              0x7ff78ec6d1e4
                                                                                                                                                              0x7ff78ec6d1e9
                                                                                                                                                              0x7ff78ec6d1ee
                                                                                                                                                              0x7ff78ec6d1f5
                                                                                                                                                              0x7ff78ec6d200
                                                                                                                                                              0x7ff78ec6d203
                                                                                                                                                              0x7ff78ec6d20a
                                                                                                                                                              0x7ff78ec6d21c
                                                                                                                                                              0x7ff78ec6d222
                                                                                                                                                              0x7ff78ec6d226
                                                                                                                                                              0x7ff78ec6d228
                                                                                                                                                              0x7ff78ec6d234
                                                                                                                                                              0x7ff78ec6d23e
                                                                                                                                                              0x7ff78ec6d251
                                                                                                                                                              0x7ff78ec6d25f
                                                                                                                                                              0x7ff78ec6d269
                                                                                                                                                              0x7ff78ec6d26b
                                                                                                                                                              0x7ff78ec6d273
                                                                                                                                                              0x7ff78ec6d27a
                                                                                                                                                              0x7ff78ec6d289
                                                                                                                                                              0x7ff78ec6d29c
                                                                                                                                                              0x7ff78ec6d2a1
                                                                                                                                                              0x7ff78ec6d2b2
                                                                                                                                                              0x7ff78ec6d2b6
                                                                                                                                                              0x7ff78ec6d2b9
                                                                                                                                                              0x7ff78ec6d2be
                                                                                                                                                              0x7ff78ec6d2c3
                                                                                                                                                              0x7ff78ec6d2c7
                                                                                                                                                              0x7ff78ec6d2ce
                                                                                                                                                              0x7ff78ec6d2d3
                                                                                                                                                              0x7ff78ec6d2d8
                                                                                                                                                              0x7ff78ec6d2dd
                                                                                                                                                              0x7ff78ec6d2e3
                                                                                                                                                              0x7ff78ec6d2ec
                                                                                                                                                              0x7ff78ec6d2fb
                                                                                                                                                              0x7ff78ec6d303
                                                                                                                                                              0x7ff78ec6d30a
                                                                                                                                                              0x7ff78ec6d312
                                                                                                                                                              0x7ff78ec6d317
                                                                                                                                                              0x7ff78ec6d31c
                                                                                                                                                              0x7ff78ec6d326
                                                                                                                                                              0x7ff78ec6d347

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                                                              • Opcode ID: 9c44b781d01f847bcb91b9371ef1ba7e9eee49312ea6e47aa49feb91334e90b1
                                                                                                                                                              • Instruction ID: b88c00210c964f36bedc614ab8fd01eb0c0d77fa9fb1cbbc4062b9bee265ecab
                                                                                                                                                              • Opcode Fuzzy Hash: 9c44b781d01f847bcb91b9371ef1ba7e9eee49312ea6e47aa49feb91334e90b1
                                                                                                                                                              • Instruction Fuzzy Hash: 6DE17172E0C74186EB60BFA5D4402AEBBA0FB45798FA00139EE4D57BA5CF38E490C711
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC667BF
                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC6680F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                              • API String ID: 626452242-27947307
                                                                                                                                                              • Opcode ID: b83ca3e7b889a1513553946ae18469f2ce98555abf274d940f92210c3c33db04
                                                                                                                                                              • Instruction ID: 33001a4c4e775a1a0d4f7c38d1fce903621974917798da731d46a2e4635a9118
                                                                                                                                                              • Opcode Fuzzy Hash: b83ca3e7b889a1513553946ae18469f2ce98555abf274d940f92210c3c33db04
                                                                                                                                                              • Instruction Fuzzy Hash: B941D432E08B8281E660EF95F84056AF7A4FB98790FA44139DE9E47BA4DF3CE451C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF78EC62D15,?,?,?,?,?,?), ref: 00007FF78EC66E61
                                                                                                                                                                • Part of subcall function 00007FF78EC61CB0: GetLastError.KERNEL32(?,?,00000000,00007FF78EC66864,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC61CD7
                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF78EC62D15,?,?,?,?,?,?), ref: 00007FF78EC66ED5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                              • API String ID: 1717984340-27947307
                                                                                                                                                              • Opcode ID: 3e6bc095cae6b41bdae3089501a96156399f91d7480bb189203c8cb2b631961c
                                                                                                                                                              • Instruction ID: b37569c672b51717aed4b89a0dd12f731b2836bace690b41feb9cd5e2fdc06bc
                                                                                                                                                              • Opcode Fuzzy Hash: 3e6bc095cae6b41bdae3089501a96156399f91d7480bb189203c8cb2b631961c
                                                                                                                                                              • Instruction Fuzzy Hash: D5216031F08B5295E710BF96E94007AB661FB84BC0BA4413ADA5E83BA4EF3CE551C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FF77FF78EC6F4AC(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, long long _a8, intOrPtr _a16, long long _a24) {
                                                                                                                                                              				void* _v64;
                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                              				intOrPtr _v72;
                                                                                                                                                              				intOrPtr _v76;
                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                              				intOrPtr _v88;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                              				intOrPtr _v112;
                                                                                                                                                              				intOrPtr _v116;
                                                                                                                                                              				intOrPtr _v120;
                                                                                                                                                              				intOrPtr _v124;
                                                                                                                                                              				intOrPtr _v128;
                                                                                                                                                              				intOrPtr _v132;
                                                                                                                                                              				intOrPtr _v136;
                                                                                                                                                              				intOrPtr _v140;
                                                                                                                                                              				intOrPtr _v144;
                                                                                                                                                              				intOrPtr _v148;
                                                                                                                                                              				intOrPtr _v152;
                                                                                                                                                              				long long _v160;
                                                                                                                                                              				long long _v168;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				signed int _t134;
                                                                                                                                                              				void* _t154;
                                                                                                                                                              				void* _t184;
                                                                                                                                                              				signed short _t197;
                                                                                                                                                              				signed short _t198;
                                                                                                                                                              				signed int _t199;
                                                                                                                                                              				signed int _t246;
                                                                                                                                                              				signed int _t248;
                                                                                                                                                              				signed int _t250;
                                                                                                                                                              				signed int _t254;
                                                                                                                                                              				signed int _t257;
                                                                                                                                                              				signed short* _t371;
                                                                                                                                                              				signed short* _t372;
                                                                                                                                                              				signed short* _t374;
                                                                                                                                                              				signed short** _t375;
                                                                                                                                                              				long long _t376;
                                                                                                                                                              				long long* _t379;
                                                                                                                                                              				signed short* _t380;
                                                                                                                                                              				signed short* _t381;
                                                                                                                                                              				signed short** _t385;
                                                                                                                                                              				long long* _t386;
                                                                                                                                                              				long long* _t387;
                                                                                                                                                              				signed short** _t388;
                                                                                                                                                              				void* _t389;
                                                                                                                                                              				signed short* _t394;
                                                                                                                                                              				signed short* _t395;
                                                                                                                                                              				long long _t396;
                                                                                                                                                              				intOrPtr _t397;
                                                                                                                                                              				long long _t398;
                                                                                                                                                              				signed short* _t399;
                                                                                                                                                              
                                                                                                                                                              				_t393 = __r8;
                                                                                                                                                              				_t385 = __rdx;
                                                                                                                                                              				_t376 = __rbx;
                                                                                                                                                              				_a24 = __rbx;
                                                                                                                                                              				_a8 = __rcx;
                                                                                                                                                              				_t398 =  *__rdx;
                                                                                                                                                              				r12d = 0;
                                                                                                                                                              				_v64 = _t398;
                                                                                                                                                              				r14d = r8d;
                                                                                                                                                              				_t388 = __rdx;
                                                                                                                                                              				if (_t398 != 0) goto 0x8ec6f4f3;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec6f525;
                                                                                                                                                              				if (r14d == 0) goto 0x8ec6f53d;
                                                                                                                                                              				_t4 = _t393 - 2; // 0xe
                                                                                                                                                              				if (_t4 - 0x22 <= 0) goto 0x8ec6f53d;
                                                                                                                                                              				_v160 = __rcx;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				 *((char*)(__rcx + 0x30)) = 1;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *(__rcx + 0x2c) = 0x16;
                                                                                                                                                              				_v168 = _t396;
                                                                                                                                                              				E00007FF77FF78EC7A180(__rax, __rbx, __rcx, __rdx, __rdx, _t389, __r8);
                                                                                                                                                              				_t379 = _t388[1];
                                                                                                                                                              				if (_t379 == 0) goto 0x8ec6fb5d;
                                                                                                                                                              				 *_t379 =  *_t388;
                                                                                                                                                              				goto 0x8ec6fb5d;
                                                                                                                                                              				_t380 = _t398 + 2;
                                                                                                                                                              				_t134 = r9b & 0xffffffff;
                                                                                                                                                              				_t256 = r12d;
                                                                                                                                                              				 *_t385 = _t380;
                                                                                                                                                              				_t253 =  !=  ? _t134 : _t134 | 0x00000002;
                                                                                                                                                              				if ((0x0000fffd & _t376 - 0x0000002b) != 0) goto 0x8ec6f572;
                                                                                                                                                              				_t197 =  *_t380 & 0x0000ffff;
                                                                                                                                                              				_t371 =  &(_t380[1]);
                                                                                                                                                              				 *_t388 = _t371;
                                                                                                                                                              				_a16 = 0xa70;
                                                                                                                                                              				_v152 = 0xae6;
                                                                                                                                                              				_v148 = 0xaf0;
                                                                                                                                                              				_v144 = 0xb66;
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				_v140 = 0xb70;
                                                                                                                                                              				_t20 = _t371 - 0x80; // 0x5e0
                                                                                                                                                              				r9d = _t20;
                                                                                                                                                              				_v136 = 0xc66;
                                                                                                                                                              				r10d = 0x6f0;
                                                                                                                                                              				_v132 = 0xc70;
                                                                                                                                                              				r11d = 0x966;
                                                                                                                                                              				_v128 = 0xce6;
                                                                                                                                                              				_v124 = 0xcf0;
                                                                                                                                                              				_v120 = 0xd66;
                                                                                                                                                              				_v116 = 0xd70;
                                                                                                                                                              				_v112 = 0xe50;
                                                                                                                                                              				_v108 = 0xe5a;
                                                                                                                                                              				_v104 = 0xed0;
                                                                                                                                                              				_v100 = 0xeda;
                                                                                                                                                              				_v96 = 0xf20;
                                                                                                                                                              				_v92 = 0xf2a;
                                                                                                                                                              				_v88 = 0x1040;
                                                                                                                                                              				_v84 = 0x104a;
                                                                                                                                                              				_v80 = 0x17e0;
                                                                                                                                                              				_v76 = 0x17ea;
                                                                                                                                                              				_v72 = 0x1810;
                                                                                                                                                              				_v68 = 0xff1a;
                                                                                                                                                              				if ((r14d & 0xffffffef) != 0) goto 0x8ec6f8e0;
                                                                                                                                                              				if (_t197 - 0x30 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - 0x3a >= 0) goto 0x8ec6f67e;
                                                                                                                                                              				goto 0x8ec6f82a;
                                                                                                                                                              				if (_t197 - 0xff10 >= 0) goto 0x8ec6f81b;
                                                                                                                                                              				if (_t197 - r8w < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - 0x66a >= 0) goto 0x8ec6f6a6;
                                                                                                                                                              				goto 0x8ec6f82a;
                                                                                                                                                              				if (_t197 - r10w < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - 0x6fa >= 0) goto 0x8ec6f6c5;
                                                                                                                                                              				goto 0x8ec6f82a;
                                                                                                                                                              				if (_t197 - r11w < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - 0x970 >= 0) goto 0x8ec6f6e4;
                                                                                                                                                              				goto 0x8ec6f82a;
                                                                                                                                                              				if (_t197 - r9w < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - 0x9f0 >= 0) goto 0x8ec6f703;
                                                                                                                                                              				goto 0x8ec6f82a;
                                                                                                                                                              				if (_t197 - (_t197 & 0x0000ffff) - r9d < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _a16 >= 0) goto 0x8ec6f723;
                                                                                                                                                              				goto 0x8ec6f82a;
                                                                                                                                                              				if (_t197 - _v152 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _v148 < 0) goto 0x8ec6f674;
                                                                                                                                                              				if (_t197 - _v144 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _v140 < 0) goto 0x8ec6f674;
                                                                                                                                                              				if (_t197 - _v136 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _v132 < 0) goto 0x8ec6f674;
                                                                                                                                                              				if (_t197 - _v128 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _v124 < 0) goto 0x8ec6f674;
                                                                                                                                                              				if (_t197 - _v120 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _v116 < 0) goto 0x8ec6f674;
                                                                                                                                                              				if (_t197 - _v112 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _v108 < 0) goto 0x8ec6f674;
                                                                                                                                                              				if (_t197 - _v104 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _v100 < 0) goto 0x8ec6f674;
                                                                                                                                                              				if (_t197 - _v96 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _v92 < 0) goto 0x8ec6f674;
                                                                                                                                                              				if (_t197 - _v88 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _v84 < 0) goto 0x8ec6f674;
                                                                                                                                                              				if (_t197 - _v80 < 0) goto 0x8ec6f82f;
                                                                                                                                                              				if (_t197 - _v76 < 0) goto 0x8ec6f674;
                                                                                                                                                              				if ((_t197 & 0x0000ffff) - _v72 - 9 > 0) goto 0x8ec6f82f;
                                                                                                                                                              				goto 0x8ec6f674;
                                                                                                                                                              				if (_t197 - _v68 >= 0) goto 0x8ec6f82f;
                                                                                                                                                              				if ((_t197 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0x8ec6f851;
                                                                                                                                                              				_t64 = _t380 - 0x41; // -17
                                                                                                                                                              				_t65 = _t380 - 0x61; // -49
                                                                                                                                                              				_t154 = _t65;
                                                                                                                                                              				if (_t64 - 0x19 <= 0) goto 0x8ec6f846;
                                                                                                                                                              				if (_t154 - 0x19 > 0) goto 0x8ec6f8d1;
                                                                                                                                                              				if (_t154 - 0x19 > 0) goto 0x8ec6f84e;
                                                                                                                                                              				_t66 = _t380 - 0x37; // -231
                                                                                                                                                              				if (_t66 != 0) goto 0x8ec6f8d1;
                                                                                                                                                              				_t381 =  *_t388;
                                                                                                                                                              				r9d = 0xffdf;
                                                                                                                                                              				_t246 =  *_t381 & 0x0000ffff;
                                                                                                                                                              				_t67 =  &(_t381[1]); // 0xffe1
                                                                                                                                                              				_t394 = _t67;
                                                                                                                                                              				 *_t388 = _t394;
                                                                                                                                                              				_t68 = _t385 - 0x58; // 0x698
                                                                                                                                                              				if ((r9w & _t68) == 0) goto 0x8ec6f8b9;
                                                                                                                                                              				 *_t388 = _t381;
                                                                                                                                                              				_t158 =  !=  ? r14d : 8;
                                                                                                                                                              				r14d =  !=  ? r14d : 8;
                                                                                                                                                              				if (_t246 == 0) goto 0x8ec6f8b1;
                                                                                                                                                              				if ( *_t381 == _t246) goto 0x8ec6f8b1;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t371);
                                                                                                                                                              				 *_t371 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				r10d = 0x6f0;
                                                                                                                                                              				r11d = 0x966;
                                                                                                                                                              				goto 0x8ec6f8e0;
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				goto 0x8ec6f8e0;
                                                                                                                                                              				_t198 =  *_t394 & 0x0000ffff;
                                                                                                                                                              				_t71 =  &(_t394[1]); // 0xffe3
                                                                                                                                                              				_t372 = _t71;
                                                                                                                                                              				 *_t388 = _t372;
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				goto 0x8ec6f8d6;
                                                                                                                                                              				_t163 =  !=  ? r14d : 0xa;
                                                                                                                                                              				r14d = 0xa;
                                                                                                                                                              				_t164 = ( !=  ? r14d : 0xa) | 0xffffffff;
                                                                                                                                                              				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
                                                                                                                                                              				_t248 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
                                                                                                                                                              				r13d = 0x30;
                                                                                                                                                              				r15d = 0xff10;
                                                                                                                                                              				r9d = 0xa / r14d;
                                                                                                                                                              				if (_t198 - r13w < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - 0x3a >= 0) goto 0x8ec6f912;
                                                                                                                                                              				goto 0x8ec6faab;
                                                                                                                                                              				if (_t198 - r15w >= 0) goto 0x8ec6fa9b;
                                                                                                                                                              				if (_t198 - r8w < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - 0x66a >= 0) goto 0x8ec6f93b;
                                                                                                                                                              				goto 0x8ec6faab;
                                                                                                                                                              				if (_t198 - r10w < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - 0x6fa >= 0) goto 0x8ec6f95a;
                                                                                                                                                              				goto 0x8ec6faab;
                                                                                                                                                              				if (_t198 - r11w < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - 0x970 >= 0) goto 0x8ec6f979;
                                                                                                                                                              				goto 0x8ec6faab;
                                                                                                                                                              				if (_t198 - 0x9e6 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				_t76 =  &(_t372[5]); // 0x9f0
                                                                                                                                                              				if (_t198 - _t76 >= 0) goto 0x8ec6f999;
                                                                                                                                                              				goto 0x8ec6faab;
                                                                                                                                                              				if (_t198 - 0xa66 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _a16 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if (_t198 - _v152 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _v148 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if (_t198 - _v144 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _v140 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if (_t198 - _v136 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _v132 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if (_t198 - _v128 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _v124 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if (_t198 - _v120 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _v116 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if (_t198 - _v112 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _v108 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if (_t198 - _v104 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _v100 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if (_t198 - _v96 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _v92 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if (_t198 - _v88 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _v84 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if (_t198 - _v80 < 0) goto 0x8ec6fab0;
                                                                                                                                                              				if (_t198 - _v76 < 0) goto 0x8ec6f98f;
                                                                                                                                                              				if ((_t198 & 0x0000ffff) - _v72 - 9 > 0) goto 0x8ec6fab0;
                                                                                                                                                              				goto 0x8ec6faab;
                                                                                                                                                              				if (_t198 - _v68 >= 0) goto 0x8ec6fab0;
                                                                                                                                                              				if ((_t198 & 0x0000ffff) - r15d != 0xffffffff) goto 0x8ec6fad3;
                                                                                                                                                              				_t100 = _t381 - 0x41; // -65
                                                                                                                                                              				_t101 = _t381 - 0x61; // -97
                                                                                                                                                              				_t184 = _t101;
                                                                                                                                                              				if (_t100 - 0x19 <= 0) goto 0x8ec6fac3;
                                                                                                                                                              				if (_t184 - 0x19 > 0) goto 0x8ec6fad0;
                                                                                                                                                              				if (_t184 - 0x19 > 0) goto 0x8ec6facb;
                                                                                                                                                              				goto 0x8ec6fad3;
                                                                                                                                                              				_t395 =  *_t388;
                                                                                                                                                              				if (((_t198 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0x8ec6fb17;
                                                                                                                                                              				_t199 =  *_t395 & 0x0000ffff;
                                                                                                                                                              				_t250 = _t372 + _t381;
                                                                                                                                                              				_t257 = _t250;
                                                                                                                                                              				_t107 =  &(_t395[1]); // 0x12
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				 *_t388 = _t107;
                                                                                                                                                              				_t254 = ( !=  ? _t134 : _t134 | 0x00000002) | (r12d & 0xffffff00 | _t250 - r12d * r14d > 0x00000000 | r12d & 0xffffff00 | _t256 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
                                                                                                                                                              				goto 0x8ec6f8f7;
                                                                                                                                                              				_t399 = _v64;
                                                                                                                                                              				_t109 = _t395 - 2; // 0xe
                                                                                                                                                              				_t374 = _t109;
                                                                                                                                                              				_t397 = _a8;
                                                                                                                                                              				 *_t388 = _t374;
                                                                                                                                                              				if (_t199 == 0) goto 0x8ec6fb48;
                                                                                                                                                              				if ( *_t374 == _t199) goto 0x8ec6fb48;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t374);
                                                                                                                                                              				 *_t374 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				if ((dil & 0x00000008) != 0) goto 0x8ec6fb64;
                                                                                                                                                              				_t375 = _t388[1];
                                                                                                                                                              				 *_t388 = _t399;
                                                                                                                                                              				if (_t375 == 0) goto 0x8ec6fb5d;
                                                                                                                                                              				 *_t375 = _t399;
                                                                                                                                                              				goto 0x8ec6fbe8;
                                                                                                                                                              				r8d = 0x80000000;
                                                                                                                                                              				_t114 = _t395 - 1; // 0xf
                                                                                                                                                              				r9d = _t114;
                                                                                                                                                              				if ((dil & 0x00000004) != 0) goto 0x8ec6fb8c;
                                                                                                                                                              				if ((dil & 0x00000001) == 0) goto 0x8ec6fbcf;
                                                                                                                                                              				if ((dil & 0x00000002) == 0) goto 0x8ec6fb87;
                                                                                                                                                              				if (_t257 - r8d <= 0) goto 0x8ec6fbd5;
                                                                                                                                                              				goto 0x8ec6fb8c;
                                                                                                                                                              				if (_t257 - r9d <= 0) goto 0x8ec6fbd7;
                                                                                                                                                              				 *((char*)(_t397 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t397 + 0x2c)) = 0x22;
                                                                                                                                                              				if ((_t254 & 0x00000001) != 0) goto 0x8ec6fba7;
                                                                                                                                                              				goto 0x8ec6fbd7;
                                                                                                                                                              				_t386 = _t388[1];
                                                                                                                                                              				if ((_t254 & 0x00000002) == 0) goto 0x8ec6fbbf;
                                                                                                                                                              				if (_t386 == 0) goto 0x8ec6fbba;
                                                                                                                                                              				 *_t386 =  *_t388;
                                                                                                                                                              				goto 0x8ec6fbe8;
                                                                                                                                                              				if (_t386 == 0) goto 0x8ec6fbca;
                                                                                                                                                              				 *_t386 =  *_t388;
                                                                                                                                                              				goto 0x8ec6fbe8;
                                                                                                                                                              				if ((dil & 0x00000002) == 0) goto 0x8ec6fbd7;
                                                                                                                                                              				_t387 = _t388[1];
                                                                                                                                                              				if (_t387 == 0) goto 0x8ec6fbe6;
                                                                                                                                                              				 *_t387 =  *_t388;
                                                                                                                                                              				return  ~(_t257 | 0xffffffff);
                                                                                                                                                              			}
                                                                                                                                                              0x7ff78ec6f58f
                                                                                                                                                              0x7ff78ec6f59c
                                                                                                                                                              0x7ff78ec6f5a4
                                                                                                                                                              0x7ff78ec6f5aa
                                                                                                                                                              0x7ff78ec6f5b2
                                                                                                                                                              0x7ff78ec6f5b2
                                                                                                                                                              0x7ff78ec6f5b6
                                                                                                                                                              0x7ff78ec6f5be
                                                                                                                                                              0x7ff78ec6f5c4
                                                                                                                                                              0x7ff78ec6f5cc
                                                                                                                                                              0x7ff78ec6f5d2
                                                                                                                                                              0x7ff78ec6f5da
                                                                                                                                                              0x7ff78ec6f5e2
                                                                                                                                                              0x7ff78ec6f5ea
                                                                                                                                                              0x7ff78ec6f5f2
                                                                                                                                                              0x7ff78ec6f5fa
                                                                                                                                                              0x7ff78ec6f602
                                                                                                                                                              0x7ff78ec6f60a
                                                                                                                                                              0x7ff78ec6f612
                                                                                                                                                              0x7ff78ec6f61a
                                                                                                                                                              0x7ff78ec6f622
                                                                                                                                                              0x7ff78ec6f62a
                                                                                                                                                              0x7ff78ec6f632
                                                                                                                                                              0x7ff78ec6f63a
                                                                                                                                                              0x7ff78ec6f642
                                                                                                                                                              0x7ff78ec6f64d
                                                                                                                                                              0x7ff78ec6f65f
                                                                                                                                                              0x7ff78ec6f668
                                                                                                                                                              0x7ff78ec6f672
                                                                                                                                                              0x7ff78ec6f679
                                                                                                                                                              0x7ff78ec6f681
                                                                                                                                                              0x7ff78ec6f68b
                                                                                                                                                              0x7ff78ec6f699
                                                                                                                                                              0x7ff78ec6f6a1
                                                                                                                                                              0x7ff78ec6f6aa
                                                                                                                                                              0x7ff78ec6f6b8
                                                                                                                                                              0x7ff78ec6f6c0
                                                                                                                                                              0x7ff78ec6f6c9
                                                                                                                                                              0x7ff78ec6f6d7
                                                                                                                                                              0x7ff78ec6f6df
                                                                                                                                                              0x7ff78ec6f6e8
                                                                                                                                                              0x7ff78ec6f6f6
                                                                                                                                                              0x7ff78ec6f6fe
                                                                                                                                                              0x7ff78ec6f706
                                                                                                                                                              0x7ff78ec6f714
                                                                                                                                                              0x7ff78ec6f71e
                                                                                                                                                              0x7ff78ec6f72a
                                                                                                                                                              0x7ff78ec6f735
                                                                                                                                                              0x7ff78ec6f742
                                                                                                                                                              0x7ff78ec6f74d
                                                                                                                                                              0x7ff78ec6f75a
                                                                                                                                                              0x7ff78ec6f765
                                                                                                                                                              0x7ff78ec6f772
                                                                                                                                                              0x7ff78ec6f77d
                                                                                                                                                              0x7ff78ec6f78a
                                                                                                                                                              0x7ff78ec6f795
                                                                                                                                                              0x7ff78ec6f7a2
                                                                                                                                                              0x7ff78ec6f7ad
                                                                                                                                                              0x7ff78ec6f7ba
                                                                                                                                                              0x7ff78ec6f7c1
                                                                                                                                                              0x7ff78ec6f7ce
                                                                                                                                                              0x7ff78ec6f7d5
                                                                                                                                                              0x7ff78ec6f7e2
                                                                                                                                                              0x7ff78ec6f7e9
                                                                                                                                                              0x7ff78ec6f7f6
                                                                                                                                                              0x7ff78ec6f7fd
                                                                                                                                                              0x7ff78ec6f814
                                                                                                                                                              0x7ff78ec6f816
                                                                                                                                                              0x7ff78ec6f823
                                                                                                                                                              0x7ff78ec6f82d
                                                                                                                                                              0x7ff78ec6f832
                                                                                                                                                              0x7ff78ec6f838
                                                                                                                                                              0x7ff78ec6f838
                                                                                                                                                              0x7ff78ec6f83b
                                                                                                                                                              0x7ff78ec6f840
                                                                                                                                                              0x7ff78ec6f849
                                                                                                                                                              0x7ff78ec6f84e
                                                                                                                                                              0x7ff78ec6f853
                                                                                                                                                              0x7ff78ec6f855
                                                                                                                                                              0x7ff78ec6f858
                                                                                                                                                              0x7ff78ec6f85e
                                                                                                                                                              0x7ff78ec6f861
                                                                                                                                                              0x7ff78ec6f861
                                                                                                                                                              0x7ff78ec6f865
                                                                                                                                                              0x7ff78ec6f868
                                                                                                                                                              0x7ff78ec6f86f
                                                                                                                                                              0x7ff78ec6f874
                                                                                                                                                              0x7ff78ec6f87c
                                                                                                                                                              0x7ff78ec6f880
                                                                                                                                                              0x7ff78ec6f886
                                                                                                                                                              0x7ff78ec6f88b
                                                                                                                                                              0x7ff78ec6f88d
                                                                                                                                                              0x7ff78ec6f892
                                                                                                                                                              0x7ff78ec6f898
                                                                                                                                                              0x7ff78ec6f89d
                                                                                                                                                              0x7ff78ec6f8a3
                                                                                                                                                              0x7ff78ec6f8a9
                                                                                                                                                              0x7ff78ec6f8af
                                                                                                                                                              0x7ff78ec6f8b1
                                                                                                                                                              0x7ff78ec6f8b7
                                                                                                                                                              0x7ff78ec6f8b9
                                                                                                                                                              0x7ff78ec6f8bd
                                                                                                                                                              0x7ff78ec6f8bd
                                                                                                                                                              0x7ff78ec6f8c1
                                                                                                                                                              0x7ff78ec6f8c4
                                                                                                                                                              0x7ff78ec6f8cf
                                                                                                                                                              0x7ff78ec6f8d9
                                                                                                                                                              0x7ff78ec6f8dd
                                                                                                                                                              0x7ff78ec6f8e2
                                                                                                                                                              0x7ff78ec6f8e5
                                                                                                                                                              0x7ff78ec6f8e5
                                                                                                                                                              0x7ff78ec6f8e8
                                                                                                                                                              0x7ff78ec6f8ee
                                                                                                                                                              0x7ff78ec6f8f4
                                                                                                                                                              0x7ff78ec6f8fb
                                                                                                                                                              0x7ff78ec6f905
                                                                                                                                                              0x7ff78ec6f90d
                                                                                                                                                              0x7ff78ec6f916
                                                                                                                                                              0x7ff78ec6f920
                                                                                                                                                              0x7ff78ec6f92e
                                                                                                                                                              0x7ff78ec6f936
                                                                                                                                                              0x7ff78ec6f93f
                                                                                                                                                              0x7ff78ec6f94d
                                                                                                                                                              0x7ff78ec6f955
                                                                                                                                                              0x7ff78ec6f95e
                                                                                                                                                              0x7ff78ec6f96c
                                                                                                                                                              0x7ff78ec6f974
                                                                                                                                                              0x7ff78ec6f981
                                                                                                                                                              0x7ff78ec6f987
                                                                                                                                                              0x7ff78ec6f98d
                                                                                                                                                              0x7ff78ec6f994
                                                                                                                                                              0x7ff78ec6f9a1
                                                                                                                                                              0x7ff78ec6f9af
                                                                                                                                                              0x7ff78ec6f9b8
                                                                                                                                                              0x7ff78ec6f9c3
                                                                                                                                                              0x7ff78ec6f9cc
                                                                                                                                                              0x7ff78ec6f9d7
                                                                                                                                                              0x7ff78ec6f9e0
                                                                                                                                                              0x7ff78ec6f9eb
                                                                                                                                                              0x7ff78ec6f9f4
                                                                                                                                                              0x7ff78ec6f9ff
                                                                                                                                                              0x7ff78ec6fa08
                                                                                                                                                              0x7ff78ec6fa13
                                                                                                                                                              0x7ff78ec6fa20
                                                                                                                                                              0x7ff78ec6fa2b
                                                                                                                                                              0x7ff78ec6fa38
                                                                                                                                                              0x7ff78ec6fa3f
                                                                                                                                                              0x7ff78ec6fa4c
                                                                                                                                                              0x7ff78ec6fa53
                                                                                                                                                              0x7ff78ec6fa60
                                                                                                                                                              0x7ff78ec6fa67
                                                                                                                                                              0x7ff78ec6fa74
                                                                                                                                                              0x7ff78ec6fa7b
                                                                                                                                                              0x7ff78ec6fa92
                                                                                                                                                              0x7ff78ec6fa99
                                                                                                                                                              0x7ff78ec6faa3
                                                                                                                                                              0x7ff78ec6faae
                                                                                                                                                              0x7ff78ec6fab3
                                                                                                                                                              0x7ff78ec6fab9
                                                                                                                                                              0x7ff78ec6fab9
                                                                                                                                                              0x7ff78ec6fabc

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: f$p$p
                                                                                                                                                              • API String ID: 3215553584-1995029353
                                                                                                                                                              • Opcode ID: 5260fc6e70538eab79462ef4c698ef4c5cb929645a3d65cb86eb2fac62676952
                                                                                                                                                              • Instruction ID: bc06974e57bc001aefa227bc8e05fbfec246c923794247799814a7b4ebfd32e5
                                                                                                                                                              • Opcode Fuzzy Hash: 5260fc6e70538eab79462ef4c698ef4c5cb929645a3d65cb86eb2fac62676952
                                                                                                                                                              • Instruction Fuzzy Hash: F812A322E0C2C386FB207E94E05467BF692FB95754FE84139D68A466E5DF3CE580CB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                              • API String ID: 626452242-876015163
                                                                                                                                                              • Opcode ID: 15457d4cd492d6e01e955470869bfc39260c55ca7ba40b2958126f2227dbb189
                                                                                                                                                              • Instruction ID: 276f834bcc7b881b349e1ac682a4ac2d2b29dde24a6445dcf4adaf296101b112
                                                                                                                                                              • Opcode Fuzzy Hash: 15457d4cd492d6e01e955470869bfc39260c55ca7ba40b2958126f2227dbb189
                                                                                                                                                              • Instruction Fuzzy Hash: B441C372E08A4282EA10EB55E84057AE7A5FB44790FB44139DEAD47BA4DF3CE452C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                              			E00007FF77FF78EC655A0(void* __rax, long long __rbx, void* __rcx, void* __r8, char _a24, char _a8216, signed int _a16408, long long _a16448) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* _t15;
                                                                                                                                                              				long _t18;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t42;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				signed long long _t52;
                                                                                                                                                              				signed long long _t53;
                                                                                                                                                              				long long _t55;
                                                                                                                                                              				signed long long _t79;
                                                                                                                                                              				void* _t81;
                                                                                                                                                              				void* _t82;
                                                                                                                                                              				void* _t83;
                                                                                                                                                              				void* _t91;
                                                                                                                                                              				void* _t92;
                                                                                                                                                              				void* _t93;
                                                                                                                                                              
                                                                                                                                                              				_t86 = __r8;
                                                                                                                                                              				_t55 = __rbx;
                                                                                                                                                              				E00007FF77FF78EC6A070(0x4030, __rax, _t92, _t93);
                                                                                                                                                              				_t84 = _t83 - __rax;
                                                                                                                                                              				_t52 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t53 = _t52 ^ _t83 - __rax;
                                                                                                                                                              				_a16408 = _t53;
                                                                                                                                                              				_t74 = __rcx;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t15 = E00007FF77FF78EC66D10(_t53, __rbx, __rcx, __rcx, _t81, __r8);
                                                                                                                                                              				if (_t53 != 0) goto 0x8ec655e9;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t15, _t53, "LOADER: Failed to convert runtime-tmpdir to a wide string.\n", _t74, _t86, _t91);
                                                                                                                                                              				goto 0x8ec656f8;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				_a16448 = _t55;
                                                                                                                                                              				_t18 = ExpandEnvironmentStringsW(??, ??, ??);
                                                                                                                                                              				_t19 = E00007FF77FF78EC73ED8(0, _t53,  &_a24, _t86);
                                                                                                                                                              				if (_t18 != 0) goto 0x8ec65626;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t19, _t53, "LOADER: Failed to expand environment variables in the runtime-tmpdir.\n",  &_a24, _t86, _t91);
                                                                                                                                                              				goto 0x8ec656f0;
                                                                                                                                                              				if (E00007FF77FF78EC668C0(_t55,  &_a24) == 0) goto 0x8ec65640;
                                                                                                                                                              				E00007FF77FF78EC75E28(_t53, _t55,  &_a24, _t81, _t82);
                                                                                                                                                              				goto 0x8ec65652;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				_t24 = E00007FF77FF78EC75158(0, _t36, _t53, _t55,  &_a24,  &_a24, _t53, _t81, _t86);
                                                                                                                                                              				if (_t53 != 0) goto 0x8ec6566d;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t24, _t53, "LOADER: Failed to obtain the absolute path of the runtime-tmpdir.\n",  &_a24, _t86, _t91);
                                                                                                                                                              				goto 0x8ec656f0;
                                                                                                                                                              				r8d = 0x2000;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				E00007FF77FF78EC6B624(0x5c, _t53, _t91);
                                                                                                                                                              				_t79 = _t53;
                                                                                                                                                              				if (_t53 == 0) goto 0x8ec656e2;
                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                              				E00007FF77FF78EC75EAC(0, _t42, _t43,  &_a8216, _t53, _t79, (_t79 - _t53 >> 1) + 1);
                                                                                                                                                              				CreateDirectoryW(??, ??);
                                                                                                                                                              				_t10 = _t79 + 2; // 0x2
                                                                                                                                                              				E00007FF77FF78EC6B624(0x5c, _t10, _t91);
                                                                                                                                                              				if (_t53 != 0) goto 0x8ec656a0;
                                                                                                                                                              				return E00007FF77FF78EC6A040(CreateDirectoryW(??, ??), 0, _a16408 ^ _t84);
                                                                                                                                                              			}





















                                                                                                                                                              0x7ff78ec6568f
                                                                                                                                                              0x7ff78ec65695
                                                                                                                                                              0x7ff78ec65697
                                                                                                                                                              0x7ff78ec656b7
                                                                                                                                                              0x7ff78ec656c6
                                                                                                                                                              0x7ff78ec656d1
                                                                                                                                                              0x7ff78ec656d5
                                                                                                                                                              0x7ff78ec656e0
                                                                                                                                                              0x7ff78ec65710

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF78EC66D10: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC66D4A
                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF78EC658EF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF78EC655FF
                                                                                                                                                              Strings
                                                                                                                                                              • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF78EC65613
                                                                                                                                                              • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF78EC655D6
                                                                                                                                                              • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF78EC6565A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                                              • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                              • API String ID: 2001182103-3498232454
                                                                                                                                                              • Opcode ID: 395eb4d83bddf4265a9cb5c8f8d4d8032859ba964a8fd3fea1c26e2e8d64cd22
                                                                                                                                                              • Instruction ID: 8d65179925b6e5c01b63d204e12892167fc7b4155011282b78634f861e38e156
                                                                                                                                                              • Opcode Fuzzy Hash: 395eb4d83bddf4265a9cb5c8f8d4d8032859ba964a8fd3fea1c26e2e8d64cd22
                                                                                                                                                              • Instruction Fuzzy Hash: 57315011F1D78250FA64BBA5E9552BB9291BF987C0FF44439DA4E427A6EF3CE104C620
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF77FF78EC6C178(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                              				intOrPtr _t65;
                                                                                                                                                              				intOrPtr _t67;
                                                                                                                                                              				intOrPtr _t68;
                                                                                                                                                              				struct HINSTANCE__* _t81;
                                                                                                                                                              				long long _t85;
                                                                                                                                                              				void* _t89;
                                                                                                                                                              				struct HINSTANCE__* _t94;
                                                                                                                                                              				long _t97;
                                                                                                                                                              				void* _t100;
                                                                                                                                                              				signed long long _t101;
                                                                                                                                                              				WCHAR* _t104;
                                                                                                                                                              
                                                                                                                                                              				 *((long long*)(_t89 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t89 + 0x10)) = _t85;
                                                                                                                                                              				 *((long long*)(_t89 + 0x18)) = __rsi;
                                                                                                                                                              				_t101 = _t100 | 0xffffffff;
                                                                                                                                                              				_t61 =  *((intOrPtr*)(0x7ff78ec60000 + 0x4c710 + _t81 * 8));
                                                                                                                                                              				if (_t61 == _t101) goto 0x8ec6c2a7;
                                                                                                                                                              				if (_t61 != 0) goto 0x8ec6c2a9;
                                                                                                                                                              				if (__r8 == __r9) goto 0x8ec6c29f;
                                                                                                                                                              				_t67 =  *((intOrPtr*)(0x7ff78ec60000 + 0x4c6f8 + __rsi * 8));
                                                                                                                                                              				if (_t67 == 0) goto 0x8ec6c1ea;
                                                                                                                                                              				if (_t67 != _t101) goto 0x8ec6c281;
                                                                                                                                                              				goto 0x8ec6c255;
                                                                                                                                                              				r8d = 0x800;
                                                                                                                                                              				LoadLibraryExW(_t104, _t100, _t97);
                                                                                                                                                              				_t68 = _t61;
                                                                                                                                                              				if (_t61 != 0) goto 0x8ec6c261;
                                                                                                                                                              				if (GetLastError() != 0x57) goto 0x8ec6c243;
                                                                                                                                                              				_t14 = _t68 + 7; // 0x7
                                                                                                                                                              				r8d = _t14;
                                                                                                                                                              				if (E00007FF77FF78EC79E9C(__r8) == 0) goto 0x8ec6c243;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				LoadLibraryExW(??, ??, ??);
                                                                                                                                                              				if (_t61 != 0) goto 0x8ec6c261;
                                                                                                                                                              				 *((intOrPtr*)(0x7ff78ec60000 + 0x4c6f8 + __rsi * 8)) = _t101;
                                                                                                                                                              				goto 0x8ec6c1c8;
                                                                                                                                                              				_t21 = 0x7ff78ec60000 + 0x4c6f8 + __rsi * 8;
                                                                                                                                                              				_t65 =  *_t21;
                                                                                                                                                              				 *_t21 = _t61;
                                                                                                                                                              				if (_t65 == 0) goto 0x8ec6c281;
                                                                                                                                                              				FreeLibrary(_t94);
                                                                                                                                                              				GetProcAddress(_t81);
                                                                                                                                                              				if (_t65 == 0) goto 0x8ec6c29f;
                                                                                                                                                              				 *((intOrPtr*)(0x7ff78ec60000 + 0x4c710 + _t81 * 8)) = _t65;
                                                                                                                                                              				goto 0x8ec6c2a9;
                                                                                                                                                              				 *((intOrPtr*)(0x7ff78ec60000 + 0x4c710 + _t81 * 8)) = _t101;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}
















                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF78EC6C42A,?,?,?,00007FF78EC6C11C,?,?,00000001,00007FF78EC6BD39), ref: 00007FF78EC6C1FD
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF78EC6C42A,?,?,?,00007FF78EC6C11C,?,?,00000001,00007FF78EC6BD39), ref: 00007FF78EC6C20B
                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF78EC6C42A,?,?,?,00007FF78EC6C11C,?,?,00000001,00007FF78EC6BD39), ref: 00007FF78EC6C235
                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF78EC6C42A,?,?,?,00007FF78EC6C11C,?,?,00000001,00007FF78EC6BD39), ref: 00007FF78EC6C27B
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF78EC6C42A,?,?,?,00007FF78EC6C11C,?,?,00000001,00007FF78EC6BD39), ref: 00007FF78EC6C287
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                              • Opcode ID: c7b5a127782adb6287aa8122f4b1c4e7f8537a2c8b18c9206494bb7e0b67d0f4
                                                                                                                                                              • Instruction ID: 89bf8b8b0932952814dc48a702ffbc4e220c2c1dbe60ff0a22f7403264b55d7a
                                                                                                                                                              • Opcode Fuzzy Hash: c7b5a127782adb6287aa8122f4b1c4e7f8537a2c8b18c9206494bb7e0b67d0f4
                                                                                                                                                              • Instruction Fuzzy Hash: DB319421F1A65291FE51BBC6EC00976A394BF49BA0FAA4539DD2D573A0EF3CE444C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC66D4A
                                                                                                                                                                • Part of subcall function 00007FF78EC61CB0: GetLastError.KERNEL32(?,?,00000000,00007FF78EC66864,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC61CD7
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC66DD0
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                              • API String ID: 1717984340-876015163
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AABF
                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AAD4
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AAF5
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AB22
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AB33
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AB44
                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AB5F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7AC37
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7AC6D
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7AC9A
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7ACAB
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7ACBC
                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7ACD7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 63%
                                                                                                                                                              			E00007FF77FF78EC6D6F4(void* __ecx, void* __esi, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				long long _v40;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				signed int* _v56;
                                                                                                                                                              				void* _t55;
                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                              				signed int _t102;
                                                                                                                                                              				void* _t110;
                                                                                                                                                              				intOrPtr _t112;
                                                                                                                                                              				signed int* _t116;
                                                                                                                                                              				intOrPtr* _t137;
                                                                                                                                                              				void* _t140;
                                                                                                                                                              				void* _t143;
                                                                                                                                                              				void* _t145;
                                                                                                                                                              				void* _t159;
                                                                                                                                                              				void* _t160;
                                                                                                                                                              
                                                                                                                                                              				_t110 = _t145;
                                                                                                                                                              				 *((long long*)(_t110 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t110 + 0x10)) = __rbp;
                                                                                                                                                              				 *((long long*)(_t110 + 0x18)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t110 + 0x20)) = __rdi;
                                                                                                                                                              				_t137 = __rcx;
                                                                                                                                                              				_t140 = __r9;
                                                                                                                                                              				_t160 = __r8;
                                                                                                                                                              				_t143 = __rdx;
                                                                                                                                                              				E00007FF77FF78EC6BF54(_t55, __r8);
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t110);
                                                                                                                                                              				_t116 = _a40;
                                                                                                                                                              				if ( *((intOrPtr*)(_t110 + 0x40)) != 0) goto 0x8ec6d776;
                                                                                                                                                              				if ( *__rcx == 0xe06d7363) goto 0x8ec6d776;
                                                                                                                                                              				if ( *__rcx != 0x80000029) goto 0x8ec6d75a;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0x8ec6d75e;
                                                                                                                                                              				if ( *((long long*)(__rcx + 0x60)) == 0x19930520) goto 0x8ec6d776;
                                                                                                                                                              				if ( *__rcx == 0x80000026) goto 0x8ec6d776;
                                                                                                                                                              				if (( *_t116 & 0x1fffffff) - 0x19930522 < 0) goto 0x8ec6d776;
                                                                                                                                                              				if ((_t116[9] & 0x00000001) != 0) goto 0x8ec6d905;
                                                                                                                                                              				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0x8ec6d80e;
                                                                                                                                                              				if (_t116[1] == 0) goto 0x8ec6d905;
                                                                                                                                                              				if (_a48 != 0) goto 0x8ec6d905;
                                                                                                                                                              				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0x8ec6d7fb;
                                                                                                                                                              				if ( *__rcx != 0x80000026) goto 0x8ec6d7d9;
                                                                                                                                                              				_t60 = E00007FF77FF78EC6CAC4(_t116, __r9,  *((intOrPtr*)(__r9 + 0x20)), __r9);
                                                                                                                                                              				if (_t60 - 0xffffffff < 0) goto 0x8ec6d925;
                                                                                                                                                              				if (_t60 - _t116[1] >= 0) goto 0x8ec6d925;
                                                                                                                                                              				r9d = _t60;
                                                                                                                                                              				E00007FF77FF78EC6DC94(_t110, _t143, __r9, _t116);
                                                                                                                                                              				goto 0x8ec6d905;
                                                                                                                                                              				if ( *_t137 != 0x80000029) goto 0x8ec6d7fb;
                                                                                                                                                              				r9d =  *((intOrPtr*)(_t137 + 0x38));
                                                                                                                                                              				if (r9d - 0xffffffff < 0) goto 0x8ec6d925;
                                                                                                                                                              				if (r9d - _t116[1] >= 0) goto 0x8ec6d925;
                                                                                                                                                              				goto 0x8ec6d7c9;
                                                                                                                                                              				E00007FF77FF78EC6C53C(r9d - _t116[1], _t110, _t116, __r9, __r9, _t116);
                                                                                                                                                              				goto 0x8ec6d905;
                                                                                                                                                              				if (_t116[3] != 0) goto 0x8ec6d856;
                                                                                                                                                              				if (( *_t116 & 0x1fffffff) - 0x19930521 < 0) goto 0x8ec6d836;
                                                                                                                                                              				_t102 = _t116[8];
                                                                                                                                                              				if (_t102 == 0) goto 0x8ec6d836;
                                                                                                                                                              				E00007FF77FF78EC6C940(_t110);
                                                                                                                                                              				if (_t102 != 0) goto 0x8ec6d856;
                                                                                                                                                              				if (( *_t116 & 0x1fffffff) - 0x19930522 < 0) goto 0x8ec6d905;
                                                                                                                                                              				if ((_t116[9] >> 0x00000002 & 0x00000001) == 0) goto 0x8ec6d905;
                                                                                                                                                              				if ( *_t137 != 0xe06d7363) goto 0x8ec6d8cc;
                                                                                                                                                              				if ( *((intOrPtr*)(_t137 + 0x18)) - 3 < 0) goto 0x8ec6d8cc;
                                                                                                                                                              				if ( *((intOrPtr*)(_t137 + 0x20)) - 0x19930522 <= 0) goto 0x8ec6d8cc;
                                                                                                                                                              				_t112 =  *((intOrPtr*)(_t137 + 0x30));
                                                                                                                                                              				if ( *((intOrPtr*)(_t112 + 8)) == 0) goto 0x8ec6d8cc;
                                                                                                                                                              				E00007FF77FF78EC6C954(_t112);
                                                                                                                                                              				if (_t112 +  *((intOrPtr*)( *((intOrPtr*)(_t137 + 0x30)) + 8)) == 0) goto 0x8ec6d8cc;
                                                                                                                                                              				_v32 = _a64 & 0x000000ff;
                                                                                                                                                              				_v40 = _a56;
                                                                                                                                                              				_v48 = _a48;
                                                                                                                                                              				_v56 = _t116;
                                                                                                                                                              				 *0x8ec8a360(_t159);
                                                                                                                                                              				goto 0x8ec6d90a;
                                                                                                                                                              				_v32 = _a56;
                                                                                                                                                              				_v40 = _a48;
                                                                                                                                                              				_v48 = _a64;
                                                                                                                                                              				_v56 = _t116;
                                                                                                                                                              				E00007FF77FF78EC6CEC0(_a64 & 0x000000ff, 0x80000026, __esi, _t137, _t143, _t160, _t140, _t112 +  *((intOrPtr*)( *((intOrPtr*)(_t137 + 0x30)) + 8)));
                                                                                                                                                              				return 1;
                                                                                                                                                              			}




















                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                              • API String ID: 851805269-3733052814
                                                                                                                                                              • Opcode ID: 950ae6828b2f61cd077b98b3d11d61ed14320742099c75916b852c21ec08a04d
                                                                                                                                                              • Instruction ID: d7142d381f0b1f59a4b0e3e8f8763d7679beac808f223812fdbd7e82053567a8
                                                                                                                                                              • Opcode Fuzzy Hash: 950ae6828b2f61cd077b98b3d11d61ed14320742099c75916b852c21ec08a04d
                                                                                                                                                              • Instruction Fuzzy Hash: 7461C232D0C34286EB60BF95E44427ABBA0FB55B84FA48139DA9D47BA9CF3CE450C751
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                              			E00007FF77FF78EC6BB38(void* __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __r8, intOrPtr* __r9) {
                                                                                                                                                              				void* _t76;
                                                                                                                                                              				void* _t83;
                                                                                                                                                              				void* _t84;
                                                                                                                                                              				intOrPtr _t101;
                                                                                                                                                              				intOrPtr _t103;
                                                                                                                                                              				void* _t113;
                                                                                                                                                              				void* _t118;
                                                                                                                                                              				void* _t130;
                                                                                                                                                              				long long _t133;
                                                                                                                                                              				intOrPtr* _t135;
                                                                                                                                                              				signed long long _t144;
                                                                                                                                                              				void* _t150;
                                                                                                                                                              				signed long long _t154;
                                                                                                                                                              				void* _t156;
                                                                                                                                                              				long long _t158;
                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                              				void* _t161;
                                                                                                                                                              				void* _t162;
                                                                                                                                                              				signed long long _t166;
                                                                                                                                                              				void* _t170;
                                                                                                                                                              				intOrPtr _t171;
                                                                                                                                                              				void* _t173;
                                                                                                                                                              				void* _t174;
                                                                                                                                                              				void* _t176;
                                                                                                                                                              				void* _t178;
                                                                                                                                                              				void* _t180;
                                                                                                                                                              				intOrPtr* _t181;
                                                                                                                                                              
                                                                                                                                                              				_t130 = __rax;
                                                                                                                                                              				 *((long long*)(_t161 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t161 + 0x10)) = _t158;
                                                                                                                                                              				 *((long long*)(_t161 + 0x18)) = __rsi;
                                                                                                                                                              				_t162 = _t161 - 0x40;
                                                                                                                                                              				_t159 = __rcx;
                                                                                                                                                              				_t181 = __r9;
                                                                                                                                                              				_t174 = __rdx;
                                                                                                                                                              				E00007FF77FF78EC6BF54(_t76, __r8);
                                                                                                                                                              				_t171 =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                              				_t135 =  *((intOrPtr*)(__r9 + 0x38));
                                                                                                                                                              				_t178 =  *__r9 - _t171;
                                                                                                                                                              				_t103 =  *((intOrPtr*)(__r9 + 0x48));
                                                                                                                                                              				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0x8ec6bc60;
                                                                                                                                                              				 *((long long*)(_t162 + 0x30)) = __rcx;
                                                                                                                                                              				 *((long long*)(_t162 + 0x38)) = __r8;
                                                                                                                                                              				if (_t103 -  *_t135 >= 0) goto 0x8ec6bd0c;
                                                                                                                                                              				_t154 = __r8 + __r8;
                                                                                                                                                              				if (_t178 - _t130 < 0) goto 0x8ec6bc52;
                                                                                                                                                              				if (_t178 - _t130 >= 0) goto 0x8ec6bc52;
                                                                                                                                                              				if ( *((intOrPtr*)(_t135 + 0x10 + _t154 * 8)) == 0) goto 0x8ec6bc52;
                                                                                                                                                              				if ( *((intOrPtr*)(_t135 + 0xc + _t154 * 8)) == 1) goto 0x8ec6bbde;
                                                                                                                                                              				_t113 =  *((long long*)(_t130 + _t171))(_t180, _t176, _t173, _t170, _t150);
                                                                                                                                                              				if (_t113 < 0) goto 0x8ec6bc59;
                                                                                                                                                              				if (_t113 <= 0) goto 0x8ec6bc52;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx)) != 0xe06d7363) goto 0x8ec6bc0f;
                                                                                                                                                              				if ( *0x8ec903f0 == 0) goto 0x8ec6bc0f;
                                                                                                                                                              				if (E00007FF77FF78EC88F70(_t130 + _t171, _t135, 0x8ec903f0) == 0) goto 0x8ec6bc0f;
                                                                                                                                                              				_t83 =  *0x8ec903f0();
                                                                                                                                                              				r8d = 1;
                                                                                                                                                              				_t84 = E00007FF77FF78EC6BF20(_t83, _t159 + _t171, _t174);
                                                                                                                                                              				_t101 =  *((intOrPtr*)(_t135 + 0x10 + _t154 * 8));
                                                                                                                                                              				r9d =  *_t159;
                                                                                                                                                              				 *((long long*)(_t162 + 0x28)) =  *((intOrPtr*)(_t181 + 0x40));
                                                                                                                                                              				_t133 =  *((intOrPtr*)(_t181 + 0x28));
                                                                                                                                                              				 *((long long*)(_t162 + 0x20)) = _t133;
                                                                                                                                                              				__imp__RtlUnwindEx();
                                                                                                                                                              				E00007FF77FF78EC6BF50(_t84);
                                                                                                                                                              				goto 0x8ec6bb8e;
                                                                                                                                                              				goto 0x8ec6bd11;
                                                                                                                                                              				_t156 =  *((intOrPtr*)(_t181 + 0x20)) - _t171;
                                                                                                                                                              				goto 0x8ec6bd02;
                                                                                                                                                              				_t144 = _t174 + _t174;
                                                                                                                                                              				if (_t178 - _t133 < 0) goto 0x8ec6bd00;
                                                                                                                                                              				_t118 = _t178 - _t133;
                                                                                                                                                              				if (_t118 >= 0) goto 0x8ec6bd00;
                                                                                                                                                              				r10d =  *(_t159 + 4);
                                                                                                                                                              				r10d = r10d & 0x00000020;
                                                                                                                                                              				if (_t118 == 0) goto 0x8ec6bcd5;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				if (_t101 == 0) goto 0x8ec6bcd0;
                                                                                                                                                              				r8d = r9d;
                                                                                                                                                              				_t166 = _t159 + _t159;
                                                                                                                                                              				if (_t156 - _t133 < 0) goto 0x8ec6bcc8;
                                                                                                                                                              				if (_t156 - _t133 >= 0) goto 0x8ec6bcc8;
                                                                                                                                                              				if ( *((intOrPtr*)(_t135 + 0x10 + _t166 * 8)) !=  *((intOrPtr*)(_t135 + 0x10 + _t144 * 8))) goto 0x8ec6bcc8;
                                                                                                                                                              				if ( *((intOrPtr*)(_t135 + 0xc + _t166 * 8)) ==  *((intOrPtr*)(_t135 + 0xc + _t144 * 8))) goto 0x8ec6bcd0;
                                                                                                                                                              				r9d = r9d + 1;
                                                                                                                                                              				if (r9d - _t101 < 0) goto 0x8ec6bc98;
                                                                                                                                                              				if (r9d != _t101) goto 0x8ec6bd0c;
                                                                                                                                                              				if ( *((intOrPtr*)(_t135 + 0x10 + _t144 * 8)) == 0) goto 0x8ec6bce9;
                                                                                                                                                              				if (_t156 != _t133) goto 0x8ec6bd00;
                                                                                                                                                              				if (r10d != 0) goto 0x8ec6bd0c;
                                                                                                                                                              				goto 0x8ec6bd00;
                                                                                                                                                              				 *((intOrPtr*)(_t181 + 0x48)) = _t150 + 1;
                                                                                                                                                              				r8d =  *((intOrPtr*)(_t135 + 0xc + _t144 * 8));
                                                                                                                                                              				 *((long long*)(_t166 + _t171))();
                                                                                                                                                              				if (_t103 + 2 -  *_t135 < 0) goto 0x8ec6bc6c;
                                                                                                                                                              				return 1;
                                                                                                                                                              			}































                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                              • String ID: csm$f
                                                                                                                                                              • API String ID: 2395640692-629598281
                                                                                                                                                              • Opcode ID: 6900edcc1fa400eb38c1eb5f42e136e427448ac8628f1593a5b885d2bf070d95
                                                                                                                                                              • Instruction ID: ddeddd603ca61e1fb76f4aa01ac06116933edec61eacad89a07d2e68e4e17751
                                                                                                                                                              • Opcode Fuzzy Hash: 6900edcc1fa400eb38c1eb5f42e136e427448ac8628f1593a5b885d2bf070d95
                                                                                                                                                              • Instruction Fuzzy Hash: B851C632E0960296EB14EF55E444A7ABB95FB50BC8FA08138DE1E47758DF78E941C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                              • Opcode ID: f4d1d4ada2980999414c083bf883c8cbbe26688c97fecdee198fdf72bb517a28
                                                                                                                                                              • Instruction ID: 46675544313bf9791096704b5ddab8cc6e53f90febf6cd2046eeb08168e03f48
                                                                                                                                                              • Opcode Fuzzy Hash: f4d1d4ada2980999414c083bf883c8cbbe26688c97fecdee198fdf72bb517a28
                                                                                                                                                              • Instruction Fuzzy Hash: 58F06262E1971281FB14ABA4E84537AA360FF59761FE40635CA6E452F4DF3CD448D320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E00007FF77FF78EC8874C(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
                                                                                                                                                              				signed int _t27;
                                                                                                                                                              				signed int _t28;
                                                                                                                                                              				signed int _t29;
                                                                                                                                                              				signed int _t30;
                                                                                                                                                              				signed int _t31;
                                                                                                                                                              				signed int _t42;
                                                                                                                                                              				signed int _t43;
                                                                                                                                                              				signed int _t44;
                                                                                                                                                              				signed int _t46;
                                                                                                                                                              				void* _t51;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t27 = __ecx & 0x0000001f;
                                                                                                                                                              				if ((__ecx & 0x00000008) == 0) goto 0x8ec8877e;
                                                                                                                                                              				if (sil >= 0) goto 0x8ec8877e;
                                                                                                                                                              				E00007FF77FF78EC88EE4(_t27, _t51);
                                                                                                                                                              				_t28 = _t27 & 0xfffffff7;
                                                                                                                                                              				goto 0x8ec887d5;
                                                                                                                                                              				_t42 = 0x00000004 & dil;
                                                                                                                                                              				if (_t42 == 0) goto 0x8ec88799;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t42 >= 0) goto 0x8ec88799;
                                                                                                                                                              				E00007FF77FF78EC88EE4(_t28, _t51);
                                                                                                                                                              				_t29 = _t28 & 0xfffffffb;
                                                                                                                                                              				goto 0x8ec887d5;
                                                                                                                                                              				_t43 = dil & 0x00000001;
                                                                                                                                                              				if (_t43 == 0) goto 0x8ec887b5;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t43 >= 0) goto 0x8ec887b5;
                                                                                                                                                              				E00007FF77FF78EC88EE4(_t29, _t51);
                                                                                                                                                              				_t30 = _t29 & 0xfffffffe;
                                                                                                                                                              				goto 0x8ec887d5;
                                                                                                                                                              				_t44 = dil & 0x00000002;
                                                                                                                                                              				if (_t44 == 0) goto 0x8ec887d5;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t44 >= 0) goto 0x8ec887d5;
                                                                                                                                                              				if ((dil & 0x00000010) == 0) goto 0x8ec887d2;
                                                                                                                                                              				E00007FF77FF78EC88EE4(_t30, _t51);
                                                                                                                                                              				_t31 = _t30 & 0xfffffffd;
                                                                                                                                                              				_t46 = dil & 0x00000010;
                                                                                                                                                              				if (_t46 == 0) goto 0x8ec887ef;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t46 >= 0) goto 0x8ec887ef;
                                                                                                                                                              				E00007FF77FF78EC88EE4(_t31, _t51);
                                                                                                                                                              				return 0 | (_t31 & 0xffffffef) == 0x00000000;
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                              • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                              • Instruction ID: 7d5c1ccc49f8429606bd752d0badddabb6bee1496051485e9de8bf1adc0b573b
                                                                                                                                                              • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                              • Instruction Fuzzy Hash: B3119027E58A6202F66431AAD64737580617F54374FE40631F6AE06EDADF3C6840C134
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7AD0F
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7AD2E
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7AD56
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7AD67
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7AD78
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Value
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                              • Opcode ID: 328f4b4e298c608bbf4534667ebc31bc082cefde8e619169c695582eca08ad0e
                                                                                                                                                              • Instruction ID: 9aafed39d83cf9285ea7c8e07a087652e416a78d0e2f522f043178b8a20b0547
                                                                                                                                                              • Opcode Fuzzy Hash: 328f4b4e298c608bbf4534667ebc31bc082cefde8e619169c695582eca08ad0e
                                                                                                                                                              • Instruction Fuzzy Hash: A2115921E0C60245FB59BBA9DD451BAD242BF557B0FA49738E83E066D6EF3CF401C220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F), ref: 00007FF78EC7AB95
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F), ref: 00007FF78EC7ABB4
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F), ref: 00007FF78EC7ABDC
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F), ref: 00007FF78EC7ABED
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F), ref: 00007FF78EC7ABFE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Value
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                              • Opcode ID: 0e6fb46ea43ddaa85ff62e3369364ec5d033076e7954bd204cc947d61d48f9a6
                                                                                                                                                              • Instruction ID: 222c12681337dd487b3194eceed61e1be3800942471a6afa3c9aefd0bf3c0483
                                                                                                                                                              • Opcode Fuzzy Hash: 0e6fb46ea43ddaa85ff62e3369364ec5d033076e7954bd204cc947d61d48f9a6
                                                                                                                                                              • Instruction Fuzzy Hash: 6A11DA21E0D20746FA587AE9DC111B992466F45774EF49B39E93D1A2D2EF3DF841C220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00007FF77FF78EC7F554(long long __rbx, signed int* __rcx, void* __rdx, long long __rdi, long long __rsi) {
                                                                                                                                                              				signed int _t31;
                                                                                                                                                              				signed int _t33;
                                                                                                                                                              				signed int _t36;
                                                                                                                                                              				signed int _t49;
                                                                                                                                                              				signed int _t56;
                                                                                                                                                              				void* _t61;
                                                                                                                                                              				void* _t83;
                                                                                                                                                              				signed int _t89;
                                                                                                                                                              				void* _t90;
                                                                                                                                                              				signed int _t94;
                                                                                                                                                              				signed int _t109;
                                                                                                                                                              				intOrPtr* _t129;
                                                                                                                                                              				signed short* _t131;
                                                                                                                                                              				signed short* _t132;
                                                                                                                                                              				long long _t136;
                                                                                                                                                              				signed int _t138;
                                                                                                                                                              				signed short* _t142;
                                                                                                                                                              				signed short* _t143;
                                                                                                                                                              				void* _t144;
                                                                                                                                                              
                                                                                                                                                              				_t109 = _t138;
                                                                                                                                                              				 *((long long*)(_t109 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t109 + 0x10)) = _t136;
                                                                                                                                                              				 *((long long*)(_t109 + 0x18)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t109 + 0x20)) = __rdi;
                                                                                                                                                              				 *__rcx = _t109;
                                                                                                                                                              				__rcx[2] = 0;
                                                                                                                                                              				r14d = 0x20;
                                                                                                                                                              				_t31 =  *0x8ecaca0c; // 0x0
                                                                                                                                                              				__rcx[1] = _t31;
                                                                                                                                                              				goto 0x8ec7f597;
                                                                                                                                                              				_t142 = __rdx + 2;
                                                                                                                                                              				_t33 =  *_t142 & 0x0000ffff;
                                                                                                                                                              				if (_t33 == r14w) goto 0x8ec7f58f;
                                                                                                                                                              				if (_t33 == 0x61) goto 0x8ec7f5c4;
                                                                                                                                                              				if (_t33 == 0x72) goto 0x8ec7f5bb;
                                                                                                                                                              				if (_t33 != 0x77) goto 0x8ec7f828;
                                                                                                                                                              				 *__rcx = 0x301;
                                                                                                                                                              				goto 0x8ec7f5ca;
                                                                                                                                                              				__rcx[1] = 1;
                                                                                                                                                              				goto 0x8ec7f5d1;
                                                                                                                                                              				 *__rcx = 0x109;
                                                                                                                                                              				__rcx[1] = 2;
                                                                                                                                                              				_t143 =  &(_t142[1]);
                                                                                                                                                              				r9b = bpl;
                                                                                                                                                              				dil = bpl;
                                                                                                                                                              				r10b = bpl;
                                                                                                                                                              				r11b = bpl;
                                                                                                                                                              				_t9 = _t136 + 0xa; // 0xa
                                                                                                                                                              				if ( *_t143 == 0) goto 0x8ec7f73a;
                                                                                                                                                              				_t56 =  *_t143 & 0x0000ffff;
                                                                                                                                                              				_t83 = _t56 - 0x53;
                                                                                                                                                              				if (_t83 > 0) goto 0x8ec7f6a4;
                                                                                                                                                              				if (_t83 == 0) goto 0x8ec7f68d;
                                                                                                                                                              				if (_t83 == 0) goto 0x8ec7f725;
                                                                                                                                                              				if (_t83 == 0) goto 0x8ec7f65b;
                                                                                                                                                              				if (_t83 == 0) goto 0x8ec7f653;
                                                                                                                                                              				if (_t83 == 0) goto 0x8ec7f641;
                                                                                                                                                              				_t61 = _t56 - r14d - 0xfffffffffffffff2 - _t9;
                                                                                                                                                              				if (_t83 == 0) goto 0x8ec7f638;
                                                                                                                                                              				if (_t61 != 4) goto 0x8ec7f828;
                                                                                                                                                              				if (r10b != 0) goto 0x8ec7f718;
                                                                                                                                                              				 *__rcx =  *__rcx | 0x00000010;
                                                                                                                                                              				goto 0x8ec7f699;
                                                                                                                                                              				asm("bts dword [ebx], 0x7");
                                                                                                                                                              				goto 0x8ec7f723;
                                                                                                                                                              				if (( *__rcx & 0x00000040) != 0) goto 0x8ec7f718;
                                                                                                                                                              				goto 0x8ec7f721;
                                                                                                                                                              				r11b = 1;
                                                                                                                                                              				goto 0x8ec7f718;
                                                                                                                                                              				if (dil != 0) goto 0x8ec7f718;
                                                                                                                                                              				_t36 =  *__rcx;
                                                                                                                                                              				dil = 1;
                                                                                                                                                              				if ((_t36 & 0x00000002) != 0) goto 0x8ec7f718;
                                                                                                                                                              				 *__rcx = _t36 & 0xfffffffe | 0x00000002;
                                                                                                                                                              				__rcx[1] = __rcx[1] & 0xfffffffc | 0x00000004;
                                                                                                                                                              				goto 0x8ec7f725;
                                                                                                                                                              				_t89 = r10b;
                                                                                                                                                              				if (_t89 != 0) goto 0x8ec7f718;
                                                                                                                                                              				 *__rcx =  *__rcx | r14d;
                                                                                                                                                              				r10b = 1;
                                                                                                                                                              				goto 0x8ec7f725;
                                                                                                                                                              				if (_t89 == 0) goto 0x8ec7f710;
                                                                                                                                                              				if (_t89 == 0) goto 0x8ec7f701;
                                                                                                                                                              				if (_t89 == 0) goto 0x8ec7f6ef;
                                                                                                                                                              				if (_t89 == 0) goto 0x8ec7f6e3;
                                                                                                                                                              				if (_t89 == 0) goto 0x8ec7f6d4;
                                                                                                                                                              				_t90 = _t61 - 0x34 - 4;
                                                                                                                                                              				if (_t90 != 0) goto 0x8ec7f828;
                                                                                                                                                              				asm("bt eax, 0x9");
                                                                                                                                                              				if (_t90 >= 0) goto 0x8ec7f718;
                                                                                                                                                              				asm("bts eax, 0xa");
                                                                                                                                                              				goto 0x8ec7f721;
                                                                                                                                                              				if (( *__rcx & 0x0000c000) != 0) goto 0x8ec7f718;
                                                                                                                                                              				asm("bts eax, 0xe");
                                                                                                                                                              				goto 0x8ec7f721;
                                                                                                                                                              				if (r9b != 0) goto 0x8ec7f718;
                                                                                                                                                              				asm("btr dword [ebx+0x4], 0xb");
                                                                                                                                                              				goto 0x8ec7f6f9;
                                                                                                                                                              				if (r9b != 0) goto 0x8ec7f718;
                                                                                                                                                              				asm("bts dword [ebx+0x4], 0xb");
                                                                                                                                                              				r9b = 1;
                                                                                                                                                              				goto 0x8ec7f725;
                                                                                                                                                              				_t94 =  *__rcx & 0x0000c000;
                                                                                                                                                              				if (_t94 != 0) goto 0x8ec7f718;
                                                                                                                                                              				asm("bts eax, 0xf");
                                                                                                                                                              				goto 0x8ec7f721;
                                                                                                                                                              				asm("bt eax, 0xc");
                                                                                                                                                              				if (_t94 >= 0) goto 0x8ec7f71d;
                                                                                                                                                              				goto 0x8ec7f725;
                                                                                                                                                              				asm("bts eax, 0xc");
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				_t144 = _t143 + __rcx;
                                                                                                                                                              				if (1 != 0) goto 0x8ec7f5e8;
                                                                                                                                                              				_t128 =  ==  ? _t144 : _t144 + 2;
                                                                                                                                                              				goto 0x8ec7f74b;
                                                                                                                                                              				_t129 = ( ==  ? _t144 : _t144 + 2) + 2;
                                                                                                                                                              				if ( *_t129 == r14w) goto 0x8ec7f747;
                                                                                                                                                              				if (r11b != 0) goto 0x8ec7f768;
                                                                                                                                                              				if ( *_t129 != 0) goto 0x8ec7f828;
                                                                                                                                                              				__rcx[2] = 1;
                                                                                                                                                              				goto 0x8ec7f838;
                                                                                                                                                              				r8d = 3;
                                                                                                                                                              				if (E00007FF77FF78EC79E9C(_t144) != 0) goto 0x8ec7f828;
                                                                                                                                                              				goto 0x8ec7f78f;
                                                                                                                                                              				_t131 = _t129 + 8;
                                                                                                                                                              				_t49 =  *_t131 & 0x0000ffff;
                                                                                                                                                              				if (_t49 == r14w) goto 0x8ec7f78b;
                                                                                                                                                              				if (_t49 != 0x3d) goto 0x8ec7f828;
                                                                                                                                                              				_t132 =  &(_t131[1]);
                                                                                                                                                              				if ( *_t132 == r14w) goto 0x8ec7f7a2;
                                                                                                                                                              				r8d = 5;
                                                                                                                                                              				if (E00007FF77FF78EC85418(_t109, _t132) != 0) goto 0x8ec7f7cb;
                                                                                                                                                              				asm("bts dword [ebx], 0x12");
                                                                                                                                                              				goto 0x8ec7f80d;
                                                                                                                                                              				r8d = 8;
                                                                                                                                                              				if (E00007FF77FF78EC85418(_t109, _t132) != 0) goto 0x8ec7f7ed;
                                                                                                                                                              				asm("bts dword [ebx], 0x11");
                                                                                                                                                              				goto 0x8ec7f80d;
                                                                                                                                                              				r8d = 7;
                                                                                                                                                              				if (E00007FF77FF78EC85418(_t109, _t132) != 0) goto 0x8ec7f828;
                                                                                                                                                              				asm("bts dword [ebx], 0x10");
                                                                                                                                                              				goto 0x8ec7f817;
                                                                                                                                                              				if (( *(_t132 + __rsi + 2) & 0x0000ffff) == r14w) goto 0x8ec7f813;
                                                                                                                                                              				goto 0x8ec7f759;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t109);
                                                                                                                                                              				 *_t109 = 0x16;
                                                                                                                                                              				return E00007FF77FF78EC7A250();
                                                                                                                                                              			}






















                                                                                                                                                              0x7ff78ec7f61b
                                                                                                                                                              0x7ff78ec7f61d
                                                                                                                                                              0x7ff78ec7f61f
                                                                                                                                                              0x7ff78ec7f624
                                                                                                                                                              0x7ff78ec7f62d
                                                                                                                                                              0x7ff78ec7f633
                                                                                                                                                              0x7ff78ec7f636
                                                                                                                                                              0x7ff78ec7f638
                                                                                                                                                              0x7ff78ec7f63c
                                                                                                                                                              0x7ff78ec7f645
                                                                                                                                                              0x7ff78ec7f64e
                                                                                                                                                              0x7ff78ec7f653
                                                                                                                                                              0x7ff78ec7f656
                                                                                                                                                              0x7ff78ec7f65e
                                                                                                                                                              0x7ff78ec7f664
                                                                                                                                                              0x7ff78ec7f666
                                                                                                                                                              0x7ff78ec7f66b
                                                                                                                                                              0x7ff78ec7f67a
                                                                                                                                                              0x7ff78ec7f685
                                                                                                                                                              0x7ff78ec7f688
                                                                                                                                                              0x7ff78ec7f68d
                                                                                                                                                              0x7ff78ec7f690
                                                                                                                                                              0x7ff78ec7f696
                                                                                                                                                              0x7ff78ec7f699
                                                                                                                                                              0x7ff78ec7f69f
                                                                                                                                                              0x7ff78ec7f6a7
                                                                                                                                                              0x7ff78ec7f6ac
                                                                                                                                                              0x7ff78ec7f6b1
                                                                                                                                                              0x7ff78ec7f6b6
                                                                                                                                                              0x7ff78ec7f6bb
                                                                                                                                                              0x7ff78ec7f6bd
                                                                                                                                                              0x7ff78ec7f6c0
                                                                                                                                                              0x7ff78ec7f6c8
                                                                                                                                                              0x7ff78ec7f6cc
                                                                                                                                                              0x7ff78ec7f6ce
                                                                                                                                                              0x7ff78ec7f6d2
                                                                                                                                                              0x7ff78ec7f6db
                                                                                                                                                              0x7ff78ec7f6dd
                                                                                                                                                              0x7ff78ec7f6e1
                                                                                                                                                              0x7ff78ec7f6e6
                                                                                                                                                              0x7ff78ec7f6e8
                                                                                                                                                              0x7ff78ec7f6ed
                                                                                                                                                              0x7ff78ec7f6f2
                                                                                                                                                              0x7ff78ec7f6f4
                                                                                                                                                              0x7ff78ec7f6f9
                                                                                                                                                              0x7ff78ec7f6ff
                                                                                                                                                              0x7ff78ec7f703
                                                                                                                                                              0x7ff78ec7f708
                                                                                                                                                              0x7ff78ec7f70a
                                                                                                                                                              0x7ff78ec7f70e
                                                                                                                                                              0x7ff78ec7f712
                                                                                                                                                              0x7ff78ec7f716
                                                                                                                                                              0x7ff78ec7f71b
                                                                                                                                                              0x7ff78ec7f71d
                                                                                                                                                              0x7ff78ec7f729
                                                                                                                                                              0x7ff78ec7f72f
                                                                                                                                                              0x7ff78ec7f734
                                                                                                                                                              0x7ff78ec7f741
                                                                                                                                                              0x7ff78ec7f745
                                                                                                                                                              0x7ff78ec7f747
                                                                                                                                                              0x7ff78ec7f74f
                                                                                                                                                              0x7ff78ec7f754
                                                                                                                                                              0x7ff78ec7f759
                                                                                                                                                              0x7ff78ec7f75f
                                                                                                                                                              0x7ff78ec7f763
                                                                                                                                                              0x7ff78ec7f768
                                                                                                                                                              0x7ff78ec7f77f
                                                                                                                                                              0x7ff78ec7f789
                                                                                                                                                              0x7ff78ec7f78b
                                                                                                                                                              0x7ff78ec7f78f
                                                                                                                                                              0x7ff78ec7f796
                                                                                                                                                              0x7ff78ec7f79c
                                                                                                                                                              0x7ff78ec7f7a2
                                                                                                                                                              0x7ff78ec7f7aa
                                                                                                                                                              0x7ff78ec7f7ac
                                                                                                                                                              0x7ff78ec7f7c3
                                                                                                                                                              0x7ff78ec7f7c5
                                                                                                                                                              0x7ff78ec7f7c9
                                                                                                                                                              0x7ff78ec7f7cb
                                                                                                                                                              0x7ff78ec7f7e2
                                                                                                                                                              0x7ff78ec7f7e4
                                                                                                                                                              0x7ff78ec7f7eb
                                                                                                                                                              0x7ff78ec7f7ed
                                                                                                                                                              0x7ff78ec7f804
                                                                                                                                                              0x7ff78ec7f806
                                                                                                                                                              0x7ff78ec7f811
                                                                                                                                                              0x7ff78ec7f81e
                                                                                                                                                              0x7ff78ec7f823
                                                                                                                                                              0x7ff78ec7f828
                                                                                                                                                              0x7ff78ec7f82d
                                                                                                                                                              0x7ff78ec7f855

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                              • Opcode ID: 4c5a14b365211e3e93dbed1b4a307768974a75985a14d7ac45fb1570d02ad6a4
                                                                                                                                                              • Instruction ID: 1255c9a2c2b36b2aa7d11aa81700c00519a93a821b246fdbfee5d9107a6b726a
                                                                                                                                                              • Opcode Fuzzy Hash: 4c5a14b365211e3e93dbed1b4a307768974a75985a14d7ac45fb1570d02ad6a4
                                                                                                                                                              • Instruction Fuzzy Hash: 2781AF72E0C28A85FB656FADD99027CA6A0FB11B88FF58035CA0957294DF3DE801D761
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF78EC6D398(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9) {
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				void* _t42;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              				void* _t52;
                                                                                                                                                              				void* _t54;
                                                                                                                                                              				void* _t56;
                                                                                                                                                              				void* _t59;
                                                                                                                                                              
                                                                                                                                                              				_t27 = _t45;
                                                                                                                                                              				 *((long long*)(_t27 + 0x20)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t27 + 0x18)) = __r8;
                                                                                                                                                              				 *((long long*)(_t27 + 0x10)) = __rdx;
                                                                                                                                                              				_t43 = _t27 - 0x3f;
                                                                                                                                                              				_t46 = _t45 - 0xc0;
                                                                                                                                                              				if ( *__rcx == 0x80000003) goto 0x8ec6d43c;
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t27);
                                                                                                                                                              				r12d =  *((intOrPtr*)(_t43 + 0x6f));
                                                                                                                                                              				if ( *((long long*)(_t27 + 0x10)) == 0) goto 0x8ec6d457;
                                                                                                                                                              				__imp__EncodePointer(_t59, _t56, _t54, _t52, _t36, _t39, _t42);
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t27);
                                                                                                                                                              				if ( *((intOrPtr*)(_t27 + 0x10)) == _t27) goto 0x8ec6d457;
                                                                                                                                                              				if ( *__rcx == 0xe0434f4d) goto 0x8ec6d457;
                                                                                                                                                              				r13d =  *((intOrPtr*)(_t43 + 0x77));
                                                                                                                                                              				if ( *__rcx == 0xe0434352) goto 0x8ec6d45b;
                                                                                                                                                              				 *((intOrPtr*)(_t46 + 0x38)) = r12d;
                                                                                                                                                              				 *((long long*)(_t46 + 0x30)) =  *((intOrPtr*)(_t43 + 0x7f));
                                                                                                                                                              				 *((intOrPtr*)(_t46 + 0x28)) = r13d;
                                                                                                                                                              				 *((long long*)(_t46 + 0x20)) =  *((intOrPtr*)(_t43 + 0x67));
                                                                                                                                                              				_t19 = E00007FF77FF78EC6C458(__rcx,  *((intOrPtr*)(_t43 + 0x4f)), __r8, __r9);
                                                                                                                                                              				if (_t19 == 0) goto 0x8ec6d45b;
                                                                                                                                                              				return _t19;
                                                                                                                                                              			}
















                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                              • Opcode ID: b811f9d035f1e051f4446d81a48ba224ae6f3274d3e91807cb4f46dd0d23d8c6
                                                                                                                                                              • Instruction ID: 344e3b50cd80a5cf331a7e8ccd17df615961743d9959d4305d636d02a62c11a3
                                                                                                                                                              • Opcode Fuzzy Hash: b811f9d035f1e051f4446d81a48ba224ae6f3274d3e91807cb4f46dd0d23d8c6
                                                                                                                                                              • Instruction Fuzzy Hash: D4615D72E08B458AE710AFA5D4407AEBBA0FB44B8CF644229EF4D17BA5CF38E555C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E00007FF77FF78EC62CB0(void* __rax, long long __rcx, char _a24, signed int _a8216) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				intOrPtr _t16;
                                                                                                                                                              				signed long long _t21;
                                                                                                                                                              				signed long long _t22;
                                                                                                                                                              				long long _t23;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				void* _t35;
                                                                                                                                                              				void* _t38;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				void* _t40;
                                                                                                                                                              				void* _t41;
                                                                                                                                                              
                                                                                                                                                              				E00007FF77FF78EC6A070(0x2030, __rax, _t40, _t41);
                                                                                                                                                              				_t36 = _t35 - __rax;
                                                                                                                                                              				_t21 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t22 = _t21 ^ _t35 - __rax;
                                                                                                                                                              				_a8216 = _t22;
                                                                                                                                                              				_t23 = __rcx;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				if (GetModuleFileNameW(??, ??, ??) != 0) goto 0x8ec62d02;
                                                                                                                                                              				E00007FF77FF78EC61CB0("GetModuleFileNameW", "Failed to get executable path.\n", _t38, _t39);
                                                                                                                                                              				goto 0x8ec62d2f;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				_t10 = E00007FF77FF78EC66E20(_t16, _t23, _t23,  &_a24, _t33, _t34, _t38);
                                                                                                                                                              				if (_t22 != 0) goto 0x8ec62d2a;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t10, _t22, "Failed to convert executable path to UTF-8.\n",  &_a24, _t38, _t39);
                                                                                                                                                              				goto 0x8ec62d2f;
                                                                                                                                                              				return E00007FF77FF78EC6A040(1, 0, _a8216 ^ _t36);
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF78EC627A9,?,?,?,?,?,?), ref: 00007FF78EC62CE1
                                                                                                                                                                • Part of subcall function 00007FF78EC61CB0: GetLastError.KERNEL32(?,?,00000000,00007FF78EC66864,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC61CD7
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastModuleName
                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                              • API String ID: 2776309574-1977442011
                                                                                                                                                              • Opcode ID: 69f9f38fb52e236f6fe3fafe9453d7a9ad04d6afb8ed0cf7924aed2a75b51a31
                                                                                                                                                              • Instruction ID: 4ed4d230c5822de5a0ca8173e066d5a3b5a2302273fc6ee52a4493869ed2df2e
                                                                                                                                                              • Opcode Fuzzy Hash: 69f9f38fb52e236f6fe3fafe9453d7a9ad04d6afb8ed0cf7924aed2a75b51a31
                                                                                                                                                              • Instruction Fuzzy Hash: 9F018421F1D64295FA65B7A0E8153F79291BF58384FE00439DD4E866A6EF3CE104C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E00007FF77FF78EC7BF30(void* __ecx, signed int __edx, void* __esi, long long __rbx, intOrPtr* __rcx, long long __r8) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				intOrPtr _t182;
                                                                                                                                                              				signed int _t186;
                                                                                                                                                              				signed int _t193;
                                                                                                                                                              				signed int _t198;
                                                                                                                                                              				void* _t212;
                                                                                                                                                              				signed char _t213;
                                                                                                                                                              				void* _t229;
                                                                                                                                                              				void* _t262;
                                                                                                                                                              				signed long long _t263;
                                                                                                                                                              				signed long long _t266;
                                                                                                                                                              				long long _t268;
                                                                                                                                                              				signed long long _t270;
                                                                                                                                                              				long long _t275;
                                                                                                                                                              				long long _t277;
                                                                                                                                                              				long long _t279;
                                                                                                                                                              				intOrPtr* _t288;
                                                                                                                                                              				intOrPtr _t293;
                                                                                                                                                              				long long _t294;
                                                                                                                                                              				long long _t317;
                                                                                                                                                              				void* _t325;
                                                                                                                                                              				long long _t326;
                                                                                                                                                              				void* _t327;
                                                                                                                                                              				long long _t328;
                                                                                                                                                              				intOrPtr* _t329;
                                                                                                                                                              				long long _t330;
                                                                                                                                                              				signed char* _t331;
                                                                                                                                                              				signed char* _t332;
                                                                                                                                                              				signed char* _t333;
                                                                                                                                                              				intOrPtr* _t334;
                                                                                                                                                              				void* _t335;
                                                                                                                                                              				void* _t336;
                                                                                                                                                              				signed long long _t337;
                                                                                                                                                              				intOrPtr _t340;
                                                                                                                                                              				signed long long _t342;
                                                                                                                                                              				void* _t344;
                                                                                                                                                              				intOrPtr* _t346;
                                                                                                                                                              				intOrPtr _t350;
                                                                                                                                                              				signed long long _t355;
                                                                                                                                                              				signed long long _t358;
                                                                                                                                                              				signed long long _t360;
                                                                                                                                                              				void* _t363;
                                                                                                                                                              				long long _t364;
                                                                                                                                                              				long long _t366;
                                                                                                                                                              				char _t367;
                                                                                                                                                              				void* _t371;
                                                                                                                                                              				signed char* _t372;
                                                                                                                                                              				signed long long _t374;
                                                                                                                                                              
                                                                                                                                                              				_t262 = _t336;
                                                                                                                                                              				_t335 = _t262 - 0x57;
                                                                                                                                                              				_t337 = _t336 - 0xe0;
                                                                                                                                                              				 *((long long*)(_t335 - 9)) = 0xfffffffe;
                                                                                                                                                              				 *((long long*)(_t262 + 8)) = __rbx;
                                                                                                                                                              				_t263 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				 *(_t335 + 0x17) = _t263 ^ _t337;
                                                                                                                                                              				_t329 = __r8;
                                                                                                                                                              				 *((long long*)(_t335 - 0x49)) = __r8;
                                                                                                                                                              				_t288 = __rcx;
                                                                                                                                                              				_t366 =  *((intOrPtr*)(_t335 + 0x7f));
                                                                                                                                                              				 *((long long*)(_t335 - 0x51)) = _t366;
                                                                                                                                                              				 *(_t335 - 0x19) = __edx;
                                                                                                                                                              				_t266 = __edx >> 6;
                                                                                                                                                              				 *(_t335 - 0x59) = _t266;
                                                                                                                                                              				 *(_t335 - 0x11) = __edx;
                                                                                                                                                              				_t374 = __edx + __edx * 8;
                                                                                                                                                              				_t268 =  *((intOrPtr*)( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t266 * 8)) + 0x28 + _t374 * 8));
                                                                                                                                                              				 *((long long*)(_t335 - 0x29)) = _t268;
                                                                                                                                                              				r12d = r9d;
                                                                                                                                                              				_t364 = _t363 + __r8;
                                                                                                                                                              				 *((long long*)(_t335 - 0x71)) = _t364;
                                                                                                                                                              				 *((intOrPtr*)(_t335 - 0x61)) = GetConsoleOutputCP();
                                                                                                                                                              				if ( *((intOrPtr*)(_t366 + 0x28)) != dil) goto 0x8ec7bfd0;
                                                                                                                                                              				E00007FF77FF78EC735D0(_t268, __rcx, _t366, __r8);
                                                                                                                                                              				_t24 = _t366 + 0x18; // 0x58d48cccccccccc
                                                                                                                                                              				_t293 =  *_t24;
                                                                                                                                                              				r8d =  *(_t293 + 0xc);
                                                                                                                                                              				 *(_t335 - 0x5d) = r8d;
                                                                                                                                                              				 *_t288 = _t268;
                                                                                                                                                              				 *((intOrPtr*)(_t288 + 8)) = 0;
                                                                                                                                                              				if ( *((intOrPtr*)(_t335 - 0x49)) - _t364 >= 0) goto 0x8ec7c390;
                                                                                                                                                              				_t270 = __edx >> 6;
                                                                                                                                                              				 *(_t335 - 0x21) = _t270;
                                                                                                                                                              				 *((char*)(_t337 + 0x40)) =  *_t329;
                                                                                                                                                              				 *((intOrPtr*)(_t335 - 0x7d)) = 0;
                                                                                                                                                              				r12d = 1;
                                                                                                                                                              				if (r8d != 0xfde9) goto 0x8ec7c198;
                                                                                                                                                              				_t346 = 0x3e + _t374 * 8 +  *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t270 * 8));
                                                                                                                                                              				if ( *_t346 == dil) goto 0x8ec7c04c;
                                                                                                                                                              				_t371 = _t328 + 1;
                                                                                                                                                              				if (_t371 - 5 < 0) goto 0x8ec7c039;
                                                                                                                                                              				if (_t371 == 0) goto 0x8ec7c12a;
                                                                                                                                                              				r12d =  *((char*)(_t293 + 0x7ff78ec9d2d0));
                                                                                                                                                              				r12d = r12d + 1;
                                                                                                                                                              				_t182 = r12d - 1;
                                                                                                                                                              				 *((intOrPtr*)(_t335 - 0x69)) = _t182;
                                                                                                                                                              				_t340 = _t182;
                                                                                                                                                              				if (_t340 -  *((intOrPtr*)(_t335 - 0x71)) - _t329 > 0) goto 0x8ec7c2ff;
                                                                                                                                                              				_t294 = _t328;
                                                                                                                                                              				 *((char*)(_t335 + _t294 - 1)) =  *_t346;
                                                                                                                                                              				if (_t294 + 1 - _t371 < 0) goto 0x8ec7c091;
                                                                                                                                                              				if (_t340 <= 0) goto 0x8ec7c0c2;
                                                                                                                                                              				E00007FF77FF78EC6ADF0();
                                                                                                                                                              				_t317 = _t328;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 +  *(_t335 - 0x59) * 8)) + _t317 + 0x3e + _t374 * 8)) = dil;
                                                                                                                                                              				if (_t317 + 1 - _t371 < 0) goto 0x8ec7c0c5;
                                                                                                                                                              				 *((long long*)(_t335 - 0x41)) = _t328;
                                                                                                                                                              				_t275 = _t335 - 1;
                                                                                                                                                              				 *((long long*)(_t335 - 0x39)) = _t275;
                                                                                                                                                              				_t186 = (0 | r12d == 0x00000004) + 1;
                                                                                                                                                              				r12d = _t186;
                                                                                                                                                              				r8d = _t186;
                                                                                                                                                              				 *((long long*)(_t337 + 0x20)) = _t366;
                                                                                                                                                              				E00007FF77FF78EC7F938(_t275, _t288, _t335 - 0x7d, _t335 - 0x39, _t340, _t335 - 0x41);
                                                                                                                                                              				if (_t275 == 0xffffffff) goto 0x8ec7c390;
                                                                                                                                                              				_t330 = _t329 +  *((intOrPtr*)(_t335 - 0x69)) - 1;
                                                                                                                                                              				goto 0x8ec7c22d;
                                                                                                                                                              				_t367 =  *((char*)(_t275 + 0x7ff78ec9d2d0));
                                                                                                                                                              				_t212 = _t367 + 1;
                                                                                                                                                              				_t342 =  *((intOrPtr*)(_t335 - 0x71)) - _t330;
                                                                                                                                                              				if (_t212 - _t342 > 0) goto 0x8ec7c32d;
                                                                                                                                                              				 *((long long*)(_t335 - 0x69)) = _t328;
                                                                                                                                                              				 *((long long*)(_t335 - 0x31)) = _t330;
                                                                                                                                                              				_t193 = (0 | _t212 == 0x00000004) + 1;
                                                                                                                                                              				r14d = _t193;
                                                                                                                                                              				r8d = _t193;
                                                                                                                                                              				_t277 =  *((intOrPtr*)(_t335 - 0x51));
                                                                                                                                                              				 *((long long*)(_t337 + 0x20)) = _t277;
                                                                                                                                                              				E00007FF77FF78EC7F938(_t277, _t288, _t335 - 0x7d, _t335 - 0x31, _t342, _t335 - 0x69);
                                                                                                                                                              				if (_t277 == 0xffffffff) goto 0x8ec7c390;
                                                                                                                                                              				_t331 = _t330 + _t367;
                                                                                                                                                              				r12d = r14d;
                                                                                                                                                              				_t368 =  *((intOrPtr*)(_t335 - 0x51));
                                                                                                                                                              				goto 0x8ec7c22d;
                                                                                                                                                              				_t358 =  *(_t335 - 0x59);
                                                                                                                                                              				_t350 =  *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t358 * 8));
                                                                                                                                                              				_t213 =  *(_t350 + 0x3d + _t374 * 8);
                                                                                                                                                              				if ((_t213 & 0x00000004) == 0) goto 0x8ec7c1cf;
                                                                                                                                                              				 *((char*)(_t335 + 7)) =  *((intOrPtr*)(_t350 + 0x3e + _t374 * 8));
                                                                                                                                                              				 *((char*)(_t335 + 8)) =  *_t331;
                                                                                                                                                              				 *(_t350 + 0x3d + _t374 * 8) = _t213 & 0x000000fb;
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				goto 0x8ec7c218;
                                                                                                                                                              				r8d =  *_t331 & 0x000000ff;
                                                                                                                                                              				_t102 = _t368 + 0x18; // 0x58d48cccccccccc
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)( *_t102)) + _t342 * 2)) >= 0) goto 0x8ec7c212;
                                                                                                                                                              				_t372 =  &(_t331[1]);
                                                                                                                                                              				if (_t372 -  *((intOrPtr*)(_t335 - 0x71)) >= 0) goto 0x8ec7c36b;
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				if (E00007FF77FF78EC7E0A0(_t213 & 0x000000fb, _t229, _t288, _t335 - 0x7d, _t331, _t328, _t331, _t335, _t342,  *((intOrPtr*)(_t335 - 0x51))) == 0xffffffff) goto 0x8ec7c390;
                                                                                                                                                              				_t332 = _t372;
                                                                                                                                                              				goto 0x8ec7c22d;
                                                                                                                                                              				_t198 = E00007FF77FF78EC7E0A0(_t213 & 0x000000fb, _t229, _t288, _t335 - 0x7d, _t332, _t328, _t332, _t335, _t364,  *((intOrPtr*)(_t335 - 0x51)));
                                                                                                                                                              				if (_t198 == 0xffffffff) goto 0x8ec7c390;
                                                                                                                                                              				_t333 =  &(_t332[1]);
                                                                                                                                                              				 *((long long*)(_t337 + 0x38)) = _t328;
                                                                                                                                                              				 *((long long*)(_t337 + 0x30)) = _t328;
                                                                                                                                                              				 *((intOrPtr*)(_t337 + 0x28)) = 5;
                                                                                                                                                              				_t279 = _t335 + 0xf;
                                                                                                                                                              				 *((long long*)(_t337 + 0x20)) = _t279;
                                                                                                                                                              				r9d = r12d;
                                                                                                                                                              				_t344 = _t335 - 0x7d;
                                                                                                                                                              				E00007FF77FF78EC7F4A4();
                                                                                                                                                              				r14d = _t198;
                                                                                                                                                              				if (_t198 == 0) goto 0x8ec7c390;
                                                                                                                                                              				 *((long long*)(_t337 + 0x20)) = _t328;
                                                                                                                                                              				r8d = _t198;
                                                                                                                                                              				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8ec7c388;
                                                                                                                                                              				 *((intOrPtr*)(_t288 + 4)) = __esi -  *((intOrPtr*)(_t335 - 0x49)) +  *((intOrPtr*)(_t288 + 8));
                                                                                                                                                              				if ( *((intOrPtr*)(_t335 - 0x79)) - r14d < 0) goto 0x8ec7c390;
                                                                                                                                                              				if ( *((char*)(_t337 + 0x40)) != 0xa) goto 0x8ec7c2e8;
                                                                                                                                                              				 *((short*)(_t337 + 0x40)) = 0xd;
                                                                                                                                                              				 *((long long*)(_t337 + 0x20)) = _t328;
                                                                                                                                                              				_t128 = _t279 - 0xc; // 0x1
                                                                                                                                                              				r8d = _t128;
                                                                                                                                                              				_t325 = _t337 + 0x40;
                                                                                                                                                              				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8ec7c388;
                                                                                                                                                              				if ( *((intOrPtr*)(_t335 - 0x79)) - 1 < 0) goto 0x8ec7c390;
                                                                                                                                                              				 *((intOrPtr*)(_t288 + 8)) =  *((intOrPtr*)(_t288 + 8)) + 1;
                                                                                                                                                              				 *((intOrPtr*)(_t288 + 4)) =  *((intOrPtr*)(_t288 + 4)) + 1;
                                                                                                                                                              				if (_t333 -  *((intOrPtr*)(_t335 - 0x71)) >= 0) goto 0x8ec7c390;
                                                                                                                                                              				r8d =  *(_t335 - 0x5d);
                                                                                                                                                              				goto 0x8ec7bffb;
                                                                                                                                                              				if (_t325 <= 0) goto 0x8ec7c328;
                                                                                                                                                              				_t334 = _t333 - _t372;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t358 * 8)) + _t372 + 0x3e + _t374 * 8)) =  *((intOrPtr*)(_t334 + _t372));
                                                                                                                                                              				if (1 - _t325 < 0) goto 0x8ec7c307;
                                                                                                                                                              				 *((intOrPtr*)(_t288 + 4)) =  *((intOrPtr*)(_t288 + 4)) +  *((intOrPtr*)(_t288 + 4));
                                                                                                                                                              				goto 0x8ec7c390;
                                                                                                                                                              				if (_t344 <= 0) goto 0x8ec7c365;
                                                                                                                                                              				_t326 = _t328;
                                                                                                                                                              				_t360 =  *(_t335 - 0x19) >> 6;
                                                                                                                                                              				_t355 =  *(_t335 - 0x11) +  *(_t335 - 0x11) * 8;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t360 * 8)) + _t355 * 8 + _t326 + 0x3e)) =  *((intOrPtr*)(_t326 + _t334));
                                                                                                                                                              				_t327 = _t326 + 1;
                                                                                                                                                              				if (2 - _t344 < 0) goto 0x8ec7c345;
                                                                                                                                                              				 *((intOrPtr*)(_t288 + 4)) =  *((intOrPtr*)(_t288 + 4)) + r8d;
                                                                                                                                                              				goto 0x8ec7c390;
                                                                                                                                                              				 *((char*)(_t355 + 0x3e + _t374 * 8)) =  *_t334;
                                                                                                                                                              				 *( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t360 * 8)) + 0x3d + _t374 * 8) =  *( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t360 * 8)) + 0x3d + _t374 * 8) | 0x00000004;
                                                                                                                                                              				_t174 = _t327 + 1; // 0x1
                                                                                                                                                              				 *((intOrPtr*)(_t288 + 4)) = _t174;
                                                                                                                                                              				goto 0x8ec7c390;
                                                                                                                                                              				 *_t288 = GetLastError();
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t206,  *((intOrPtr*)(_t335 - 0x61)),  *(_t335 + 0x17) ^ _t337);
                                                                                                                                                              			}

                                                                                                                                                              0x7ff78ec7bfcb
                                                                                                                                                              0x7ff78ec7bfd0
                                                                                                                                                              0x7ff78ec7bfd0
                                                                                                                                                              0x7ff78ec7bfd4
                                                                                                                                                              0x7ff78ec7bfd8
                                                                                                                                                              0x7ff78ec7bfde
                                                                                                                                                              0x7ff78ec7bfe1
                                                                                                                                                              0x7ff78ec7bfe8
                                                                                                                                                              0x7ff78ec7bff1
                                                                                                                                                              0x7ff78ec7bff5
                                                                                                                                                              0x7ff78ec7bffd
                                                                                                                                                              0x7ff78ec7c001
                                                                                                                                                              0x7ff78ec7c004
                                                                                                                                                              0x7ff78ec7c018
                                                                                                                                                              0x7ff78ec7c033
                                                                                                                                                              0x7ff78ec7c03c
                                                                                                                                                              0x7ff78ec7c040
                                                                                                                                                              0x7ff78ec7c04a
                                                                                                                                                              0x7ff78ec7c04f
                                                                                                                                                              0x7ff78ec7c067
                                                                                                                                                              0x7ff78ec7c070
                                                                                                                                                              0x7ff78ec7c076
                                                                                                                                                              0x7ff78ec7c078
                                                                                                                                                              0x7ff78ec7c082
                                                                                                                                                              0x7ff78ec7c088
                                                                                                                                                              0x7ff78ec7c08e
                                                                                                                                                              0x7ff78ec7c094
                                                                                                                                                              0x7ff78ec7c0a1
                                                                                                                                                              0x7ff78ec7c0a6
                                                                                                                                                              0x7ff78ec7c0b2
                                                                                                                                                              0x7ff78ec7c0c2
                                                                                                                                                              0x7ff78ec7c0d0
                                                                                                                                                              0x7ff78ec7c0db
                                                                                                                                                              0x7ff78ec7c0dd
                                                                                                                                                              0x7ff78ec7c0e1
                                                                                                                                                              0x7ff78ec7c0e5
                                                                                                                                                              0x7ff78ec7c0f2
                                                                                                                                                              0x7ff78ec7c0f4
                                                                                                                                                              0x7ff78ec7c0f7
                                                                                                                                                              0x7ff78ec7c0fa
                                                                                                                                                              0x7ff78ec7c10b
                                                                                                                                                              0x7ff78ec7c114
                                                                                                                                                              0x7ff78ec7c122
                                                                                                                                                              0x7ff78ec7c125
                                                                                                                                                              0x7ff78ec7c12d
                                                                                                                                                              0x7ff78ec7c136
                                                                                                                                                              0x7ff78ec7c13e
                                                                                                                                                              0x7ff78ec7c147
                                                                                                                                                              0x7ff78ec7c14d
                                                                                                                                                              0x7ff78ec7c151
                                                                                                                                                              0x7ff78ec7c15d
                                                                                                                                                              0x7ff78ec7c15f
                                                                                                                                                              0x7ff78ec7c162
                                                                                                                                                              0x7ff78ec7c165
                                                                                                                                                              0x7ff78ec7c169
                                                                                                                                                              0x7ff78ec7c17a
                                                                                                                                                              0x7ff78ec7c183
                                                                                                                                                              0x7ff78ec7c189
                                                                                                                                                              0x7ff78ec7c18c
                                                                                                                                                              0x7ff78ec7c18f
                                                                                                                                                              0x7ff78ec7c193
                                                                                                                                                              0x7ff78ec7c198
                                                                                                                                                              0x7ff78ec7c19c
                                                                                                                                                              0x7ff78ec7c1a4
                                                                                                                                                              0x7ff78ec7c1ac
                                                                                                                                                              0x7ff78ec7c1b3
                                                                                                                                                              0x7ff78ec7c1b8
                                                                                                                                                              0x7ff78ec7c1be
                                                                                                                                                              0x7ff78ec7c1c3
                                                                                                                                                              0x7ff78ec7c1cd
                                                                                                                                                              0x7ff78ec7c1cf
                                                                                                                                                              0x7ff78ec7c1d3
                                                                                                                                                              0x7ff78ec7c1df
                                                                                                                                                              0x7ff78ec7c1e1
                                                                                                                                                              0x7ff78ec7c1e9
                                                                                                                                                              0x7ff78ec7c1f2
                                                                                                                                                              0x7ff78ec7c207
                                                                                                                                                              0x7ff78ec7c20d
                                                                                                                                                              0x7ff78ec7c210
                                                                                                                                                              0x7ff78ec7c21f
                                                                                                                                                              0x7ff78ec7c227
                                                                                                                                                              0x7ff78ec7c22d
                                                                                                                                                              0x7ff78ec7c230
                                                                                                                                                              0x7ff78ec7c235
                                                                                                                                                              0x7ff78ec7c23a
                                                                                                                                                              0x7ff78ec7c242
                                                                                                                                                              0x7ff78ec7c246
                                                                                                                                                              0x7ff78ec7c24b
                                                                                                                                                              0x7ff78ec7c24e
                                                                                                                                                              0x7ff78ec7c257
                                                                                                                                                              0x7ff78ec7c25c
                                                                                                                                                              0x7ff78ec7c261
                                                                                                                                                              0x7ff78ec7c267
                                                                                                                                                              0x7ff78ec7c270
                                                                                                                                                              0x7ff78ec7c286
                                                                                                                                                              0x7ff78ec7c294
                                                                                                                                                              0x7ff78ec7c29b
                                                                                                                                                              0x7ff78ec7c2a6
                                                                                                                                                              0x7ff78ec7c2ad
                                                                                                                                                              0x7ff78ec7c2b2
                                                                                                                                                              0x7ff78ec7c2bb
                                                                                                                                                              0x7ff78ec7c2bb
                                                                                                                                                              0x7ff78ec7c2bf
                                                                                                                                                              0x7ff78ec7c2cf
                                                                                                                                                              0x7ff78ec7c2d9
                                                                                                                                                              0x7ff78ec7c2df
                                                                                                                                                              0x7ff78ec7c2e2
                                                                                                                                                              0x7ff78ec7c2ec
                                                                                                                                                              0x7ff78ec7c2f6
                                                                                                                                                              0x7ff78ec7c2fa
                                                                                                                                                              0x7ff78ec7c302
                                                                                                                                                              0x7ff78ec7c304
                                                                                                                                                              0x7ff78ec7c316
                                                                                                                                                              0x7ff78ec7c326
                                                                                                                                                              0x7ff78ec7c328
                                                                                                                                                              0x7ff78ec7c32b
                                                                                                                                                              0x7ff78ec7c330
                                                                                                                                                              0x7ff78ec7c332
                                                                                                                                                              0x7ff78ec7c339
                                                                                                                                                              0x7ff78ec7c341
                                                                                                                                                              0x7ff78ec7c354
                                                                                                                                                              0x7ff78ec7c35a
                                                                                                                                                              0x7ff78ec7c363
                                                                                                                                                              0x7ff78ec7c365
                                                                                                                                                              0x7ff78ec7c369
                                                                                                                                                              0x7ff78ec7c36d
                                                                                                                                                              0x7ff78ec7c37a
                                                                                                                                                              0x7ff78ec7c380
                                                                                                                                                              0x7ff78ec7c383
                                                                                                                                                              0x7ff78ec7c386
                                                                                                                                                              0x7ff78ec7c38e
                                                                                                                                                              0x7ff78ec7c3b9

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2718003287-0
                                                                                                                                                              • Opcode ID: 462450d4d902cffcc5a3d4bd936668fc75f0525f5455500ffb60ea8cc1aab69e
                                                                                                                                                              • Instruction ID: d1dd2c036b67977e59942677afcf8d8bddb20bbc5f7ed20d0531c9be7ba05a64
                                                                                                                                                              • Opcode Fuzzy Hash: 462450d4d902cffcc5a3d4bd936668fc75f0525f5455500ffb60ea8cc1aab69e
                                                                                                                                                              • Instruction Fuzzy Hash: F8D1E332F08A8299E710DFB9D8405ACBBB1FB48798B604236DE5E57B95DF38D406C750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00007FF77FF78EC85A38(signed int __edx, void* __eflags, intOrPtr* __rax, long long __rbx, signed char* __rcx, long long __rbp, long long _a8, char _a16, long long _a24) {
                                                                                                                                                              				signed int _t43;
                                                                                                                                                              				signed int _t55;
                                                                                                                                                              				signed int _t57;
                                                                                                                                                              				signed int _t73;
                                                                                                                                                              				void* _t96;
                                                                                                                                                              				signed int _t106;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a24 = __rbp;
                                                                                                                                                              				 *__rcx = 0;
                                                                                                                                                              				r14d = r9d;
                                                                                                                                                              				_t73 = __edx;
                                                                                                                                                              				if (__eflags == 0) goto 0x8ec85aad;
                                                                                                                                                              				if (__eflags == 0) goto 0x8ec85a89;
                                                                                                                                                              				if ((__edx & 0x00000003) - 1 == 1) goto 0x8ec85a82;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec85ab2;
                                                                                                                                                              				goto 0x8ec85ab2;
                                                                                                                                                              				asm("sbb ecx, ecx");
                                                                                                                                                              				goto 0x8ec85ab2;
                                                                                                                                                              				__rcx[4] = 0x80000000;
                                                                                                                                                              				_t43 = _t73 & 0x00000700;
                                                                                                                                                              				if ((dil & 0x00000008) == 0) goto 0x8ec85b21;
                                                                                                                                                              				if (_t43 == 0x100) goto 0x8ec85b1a;
                                                                                                                                                              				if (_t43 == 0x200) goto 0x8ec85b13;
                                                                                                                                                              				if (_t43 == 0x300) goto 0x8ec85b0c;
                                                                                                                                                              				if (_t43 == 0x400) goto 0x8ec85b21;
                                                                                                                                                              				if (_t43 == 0x500) goto 0x8ec85b05;
                                                                                                                                                              				if (_t43 == 0x600) goto 0x8ec85b13;
                                                                                                                                                              				_t96 = _t43 - 0x700;
                                                                                                                                                              				if (_t96 == 0) goto 0x8ec85b05;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec85b26;
                                                                                                                                                              				goto 0x8ec85b26;
                                                                                                                                                              				goto 0x8ec85b26;
                                                                                                                                                              				goto 0x8ec85b26;
                                                                                                                                                              				goto 0x8ec85b26;
                                                                                                                                                              				__rcx[8] = 3;
                                                                                                                                                              				if (_t96 == 0) goto 0x8ec85b77;
                                                                                                                                                              				if (_t96 == 0) goto 0x8ec85b70;
                                                                                                                                                              				if (_t96 == 0) goto 0x8ec85b69;
                                                                                                                                                              				if (_t96 == 0) goto 0x8ec85b62;
                                                                                                                                                              				if (r8d - 0xffffffffffffffe0 == 0x40) goto 0x8ec85b54;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec85b79;
                                                                                                                                                              				sil = __rcx[4] == 0x80000000;
                                                                                                                                                              				goto 0x8ec85b79;
                                                                                                                                                              				goto 0x8ec85b79;
                                                                                                                                                              				goto 0x8ec85b79;
                                                                                                                                                              				goto 0x8ec85b79;
                                                                                                                                                              				__rcx[0x14] = __rcx[0x14] & 0x00000000;
                                                                                                                                                              				__rcx[0xc] = 0;
                                                                                                                                                              				__rcx[0x10] = 0x80;
                                                                                                                                                              				if (dil >= 0) goto 0x8ec85b8f;
                                                                                                                                                              				 *__rcx =  *__rcx | 0x00000010;
                                                                                                                                                              				if ((0x00008000 & _t73) != 0) goto 0x8ec85bb7;
                                                                                                                                                              				if ((_t73 & 0x00074000) != 0) goto 0x8ec85bb4;
                                                                                                                                                              				if (E00007FF77FF78EC7557C(__rax,  &_a16) != 0) goto 0x8ec85c2c;
                                                                                                                                                              				if (_a16 == 0x8000) goto 0x8ec85bb7;
                                                                                                                                                              				 *__rcx =  *__rcx | 0x00000080;
                                                                                                                                                              				if ((0x00000100 & _t73) == 0) goto 0x8ec85bd6;
                                                                                                                                                              				_t55 =  *0x8ecad3b8; // 0x0
                                                                                                                                                              				_t57 =  !_t55 & r14d;
                                                                                                                                                              				if (_t57 < 0) goto 0x8ec85bd6;
                                                                                                                                                              				__rcx[0x10] = 1;
                                                                                                                                                              				_t106 = dil & 0x00000040;
                                                                                                                                                              				if (_t106 == 0) goto 0x8ec85bea;
                                                                                                                                                              				asm("bts dword [ebx+0x14], 0x1a");
                                                                                                                                                              				asm("bts dword [ebx+0x4], 0x10");
                                                                                                                                                              				__rcx[0xc] = __rcx[0xc] | 0x00000004;
                                                                                                                                                              				asm("bt edi, 0xc");
                                                                                                                                                              				if (_t106 >= 0) goto 0x8ec85bf3;
                                                                                                                                                              				__rcx[0x10] = __rcx[0x10] | 0x00000100;
                                                                                                                                                              				asm("bt edi, 0xd");
                                                                                                                                                              				if (_t106 >= 0) goto 0x8ec85bfe;
                                                                                                                                                              				asm("bts dword [ebx+0x14], 0x19");
                                                                                                                                                              				if ((dil & 0x00000020) == 0) goto 0x8ec85c0b;
                                                                                                                                                              				asm("bts dword [ebx+0x14], 0x1b");
                                                                                                                                                              				goto 0x8ec85c16;
                                                                                                                                                              				if ((dil & 0x00000010) == 0) goto 0x8ec85c16;
                                                                                                                                                              				asm("bts dword [ebx+0x14], 0x1c");
                                                                                                                                                              				return _t57;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 72036449-0
                                                                                                                                                              • Opcode ID: 8a406785a72c892738552bbb2d3a95dfeca04d9c4dd013807edb0ef2ae62de69
                                                                                                                                                              • Instruction ID: 96e18da4cb21ae8345940b5a14e844e49c220d24b005e955262596af12a3d768
                                                                                                                                                              • Opcode Fuzzy Hash: 8a406785a72c892738552bbb2d3a95dfeca04d9c4dd013807edb0ef2ae62de69
                                                                                                                                                              • Instruction Fuzzy Hash: 1151A032E0C22246F7696AA8D605379E680FB60714FF94039DA0D472D6DBBCE840C672
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FF77FF78EC84CE4(void* __ebx, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __r8, void* __r9, void* __r10, long long _a8, long long _a16) {
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				signed long long _v48;
                                                                                                                                                              				signed long long _v56;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				long long _v72;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				void* _t29;
                                                                                                                                                              				long long _t57;
                                                                                                                                                              
                                                                                                                                                              				_t29 = __ebx;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t57 = __r8;
                                                                                                                                                              				if (E00007FF77FF78EC80C50(__rax, __r9, __rdx, __rdx, __r8, __rcx, __r9) != 0) goto 0x8ec84db1;
                                                                                                                                                              				E00007FF77FF78EC74824(__rax, __r9,  &_v40, __rdx, __r8);
                                                                                                                                                              				if ( *((intOrPtr*)(_v32 + 0xc)) != 0xfde9) goto 0x8ec84d44;
                                                                                                                                                              				if (_v16 == 0) goto 0x8ec84d7b;
                                                                                                                                                              				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
                                                                                                                                                              				goto 0x8ec84d7b;
                                                                                                                                                              				_t28 = E00007FF77FF78EC7E4D8(_v16, _v40);
                                                                                                                                                              				if (_t28 != 0) goto 0x8ec84d66;
                                                                                                                                                              				if (_v16 == _t28) goto 0x8ec84d5f;
                                                                                                                                                              				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
                                                                                                                                                              				goto 0x8ec84d7b;
                                                                                                                                                              				if (_v16 == 0) goto 0x8ec84d79;
                                                                                                                                                              				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
                                                                                                                                                              				_v48 = _v48 & 0x00000000;
                                                                                                                                                              				r9d = _t29;
                                                                                                                                                              				_v56 = _v56 & 0x00000000;
                                                                                                                                                              				_v64 = 0x3f;
                                                                                                                                                              				_v72 = _t57;
                                                                                                                                                              				E00007FF77FF78EC7F4A4();
                                                                                                                                                              				return _t28;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                              • String ID: ?
                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                              • Opcode ID: bce607ece9376f72a0087ebccefc344875d207fa92e37d697f16642748ff1bb3
                                                                                                                                                              • Instruction ID: b89861414213570f6006d0c03a1c7fcc3ba20e74c22f0db98c4c78a4fec0d86f
                                                                                                                                                              • Opcode Fuzzy Hash: bce607ece9376f72a0087ebccefc344875d207fa92e37d697f16642748ff1bb3
                                                                                                                                                              • Instruction Fuzzy Hash: 5741F722E0869242FB60ABA5E6113BAE690FB81BA4FA04235EF5C06BD5DF3CD441C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 54%
                                                                                                                                                              			E00007FF77FF78EC78314(void* __ecx, intOrPtr* __rax, long long __rbx, void* __rcx, void* __r8, long long _a8, signed int _a16, signed int _a24, signed int _a32) {
                                                                                                                                                              				long long _v56;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __r14;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                              				intOrPtr _t42;
                                                                                                                                                              				intOrPtr* _t65;
                                                                                                                                                              				long long _t71;
                                                                                                                                                              				void* _t73;
                                                                                                                                                              				long long _t87;
                                                                                                                                                              				signed int _t88;
                                                                                                                                                              				intOrPtr* _t89;
                                                                                                                                                              				void* _t99;
                                                                                                                                                              
                                                                                                                                                              				_t73 = __rcx;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				r14d = __ecx;
                                                                                                                                                              				if (__ecx == 0) goto 0x8ec78483;
                                                                                                                                                              				_t2 = _t73 - 1; // -1
                                                                                                                                                              				if (_t2 - 1 <= 0) goto 0x8ec78352;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				_t3 = _t88 + 0x16; // 0x16
                                                                                                                                                              				_t42 = _t3;
                                                                                                                                                              				 *__rax = _t42;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec78483;
                                                                                                                                                              				r8d = 0x104;
                                                                                                                                                              				GetModuleFileNameW(??, ??, ??);
                                                                                                                                                              				_t89 =  *0x8ecac768; // 0x2176c61222a
                                                                                                                                                              				 *0x8ecac740 = 0x8ecac7c0;
                                                                                                                                                              				if (_t89 == 0) goto 0x8ec78382;
                                                                                                                                                              				if ( *_t89 != _t42) goto 0x8ec78385;
                                                                                                                                                              				_t65 =  &_a32;
                                                                                                                                                              				_a24 = _t88;
                                                                                                                                                              				_v56 = _t65;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_a32 = _t88;
                                                                                                                                                              				_t30 = E00007FF77FF78EC78110(0x8ecac7c0, 0x8ecac7c0, 0x8ecac7c0, _t88, 0x8ecac7c0, __r8,  &_a24, _t99);
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				E00007FF77FF78EC782B4(_t30, _a24, _a32, __r8);
                                                                                                                                                              				_t71 = _t65;
                                                                                                                                                              				if (_t65 != 0) goto 0x8ec783dd;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t65);
                                                                                                                                                              				 *_t65 = 0xc;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t65, _a24);
                                                                                                                                                              				goto 0x8ec7834b;
                                                                                                                                                              				_v56 =  &_a32;
                                                                                                                                                              				E00007FF77FF78EC78110(_t71, 0x8ecac7c0, _t71, _t88, 0x8ecac7c0, _t65 + _a24 * 8,  &_a24, _t99);
                                                                                                                                                              				if (r14d != 1) goto 0x8ec78415;
                                                                                                                                                              				_t36 = _a24 - 1;
                                                                                                                                                              				 *0x8ecac758 = _t71;
                                                                                                                                                              				 *0x8ecac748 = _t36;
                                                                                                                                                              				goto 0x8ec7847e;
                                                                                                                                                              				_a16 = _t88;
                                                                                                                                                              				0x8ec812e0();
                                                                                                                                                              				if (_t36 == 0) goto 0x8ec78444;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( &_a32, _a16);
                                                                                                                                                              				_a16 = _t88;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( &_a32, _t71);
                                                                                                                                                              				goto 0x8ec78483;
                                                                                                                                                              				_t87 = _a16;
                                                                                                                                                              				if ( *_t87 == _t88) goto 0x8ec7845f;
                                                                                                                                                              				if ( *((intOrPtr*)(_t87 + 8)) != _t88) goto 0x8ec78453;
                                                                                                                                                              				 *0x8ecac748 = 0;
                                                                                                                                                              				_a16 = _t88;
                                                                                                                                                              				 *0x8ecac758 = _t87;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t87 + 8, _t88 + 1);
                                                                                                                                                              				_a16 = _t88;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t87 + 8, _t71);
                                                                                                                                                              				return _t36;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC78346
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: RtlReleasePrivilege.NTDLL(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2CE
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: GetLastError.KERNEL32(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2D8
                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF78EC6A115), ref: 00007FF78EC78364
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastModuleNamePrivilegeRelease_invalid_parameter_noinfo
                                                                                                                                                              • String ID: C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                              • API String ID: 1752791759-3420502662
                                                                                                                                                              • Opcode ID: e19e11296164cc5f5849ee78601b9a04ecc97558caa5d883e89eb0069fe35f22
                                                                                                                                                              • Instruction ID: df3073f1a285a1878f79d74559a3852df2f328d8fdbb38272ed16cafb53a7f2c
                                                                                                                                                              • Opcode Fuzzy Hash: e19e11296164cc5f5849ee78601b9a04ecc97558caa5d883e89eb0069fe35f22
                                                                                                                                                              • Instruction Fuzzy Hash: 4C415D32E08A6286EB14AFAAD8500BDA794FB447D0BE44035EE4E43B85DF3DE481C360
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 29%
                                                                                                                                                              			E00007FF77FF78EC7C5DC(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, void* __r10, void* __r11, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				signed long long _v8;
                                                                                                                                                              				signed int _t41;
                                                                                                                                                              				signed long long _t62;
                                                                                                                                                              				short* _t67;
                                                                                                                                                              				signed int* _t68;
                                                                                                                                                              				void* _t91;
                                                                                                                                                              				void* _t102;
                                                                                                                                                              				void* _t103;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a24 = __rbp;
                                                                                                                                                              				E00007FF77FF78EC6A070(0x1470, __rax, __r10, __r11);
                                                                                                                                                              				_t62 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_a5176 = _t62 ^ _t91 - __rax;
                                                                                                                                                              				r14d = r9d;
                                                                                                                                                              				r10d = r10d & 0x0000003f;
                                                                                                                                                              				_t103 = _t102 + __r8;
                                                                                                                                                              				 *((long long*)(__rcx)) =  *((intOrPtr*)(0x8ecaca50 + (__edx >> 6) * 8));
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 8)) = 0;
                                                                                                                                                              				if (__r8 - _t103 >= 0) goto 0x8ec7c71d;
                                                                                                                                                              				_t67 =  &_a40;
                                                                                                                                                              				if (__r8 - _t103 >= 0) goto 0x8ec7c686;
                                                                                                                                                              				_t41 =  *__r8 & 0x0000ffff;
                                                                                                                                                              				if (_t41 != 0xa) goto 0x8ec7c672;
                                                                                                                                                              				 *_t67 = 0xd;
                                                                                                                                                              				_t68 = _t67 + 2;
                                                                                                                                                              				 *_t68 = _t41;
                                                                                                                                                              				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x8ec7c654;
                                                                                                                                                              				_a16 = _a16 & 0x00000000;
                                                                                                                                                              				_a8 = _a8 & 0x00000000;
                                                                                                                                                              				_v0 = 0xd55;
                                                                                                                                                              				_v8 =  &_a1752;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				E00007FF77FF78EC7F4A4();
                                                                                                                                                              				if (0 == 0) goto 0x8ec7c715;
                                                                                                                                                              				if (0 == 0) goto 0x8ec7c705;
                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				r8d = r8d;
                                                                                                                                                              				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8ec7c715;
                                                                                                                                                              				if (0 + _a24 < 0) goto 0x8ec7c6d2;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 4)) = __edi - r15d;
                                                                                                                                                              				goto 0x8ec7c649;
                                                                                                                                                              				 *((intOrPtr*)(__rcx)) = GetLastError();
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t39, 0, _a5176 ^ _t91 - __rax);
                                                                                                                                                              			}













                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                              • String ID: U
                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                              • Opcode ID: 35d1ba7b3e06cf66a9a63fc15f9cdb867b526454cddcb1cc7585018f3c01db52
                                                                                                                                                              • Instruction ID: a660aec01d79664d96c2c31e29c831d90976ca5b9fb853a6e2c91cf10783d533
                                                                                                                                                              • Opcode Fuzzy Hash: 35d1ba7b3e06cf66a9a63fc15f9cdb867b526454cddcb1cc7585018f3c01db52
                                                                                                                                                              • Instruction Fuzzy Hash: 5641C532B1CA4296DB60EF69E8447AAA760FB987D4FA04031EE4D87794EF3CD541C750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                              			E00007FF77FF78EC7E928(long long __rbx, long long __rsi, long long _a8, long long _a16) {
                                                                                                                                                              				void* _v8;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				short _v550;
                                                                                                                                                              				signed int _v552;
                                                                                                                                                              				void* _t38;
                                                                                                                                                              				signed long long _t54;
                                                                                                                                                              				signed long long _t55;
                                                                                                                                                              				signed short* _t57;
                                                                                                                                                              				signed short* _t59;
                                                                                                                                                              				void* _t67;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t54 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t55 = _t54 ^ _t67 - 0x00000240;
                                                                                                                                                              				_v24 = _t55;
                                                                                                                                                              				_t59 =  &_v552;
                                                                                                                                                              				r8d = 0x20a;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				if (GetCurrentDirectoryW(??, ??) - 0x104 > 0) goto 0x8ec7e99c;
                                                                                                                                                              				if (_v552 == 0) goto 0x8ec7e9f7;
                                                                                                                                                              				if (_v550 != 0x3a) goto 0x8ec7e9f7;
                                                                                                                                                              				_t37 =  >  ? _v552 & 0x0000ffff : _t59 - 0x20;
                                                                                                                                                              				_t38 = ( >  ? _v552 & 0x0000ffff : _t59 - 0x20) - 0x40;
                                                                                                                                                              				goto 0x8ec7e9f7;
                                                                                                                                                              				E00007FF77FF78EC7E248(_t59 - 0x61, _t59,  &_v552);
                                                                                                                                                              				_t57 = _t55;
                                                                                                                                                              				if (_t55 == 0) goto 0x8ec7e9c4;
                                                                                                                                                              				if (GetCurrentDirectoryW(??, ??) != 0) goto 0x8ec7e9d1;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t55);
                                                                                                                                                              				 *_t55 = 0xc;
                                                                                                                                                              				goto 0x8ec7e9ef;
                                                                                                                                                              				if ( *_t57 == 0) goto 0x8ec7e9ef;
                                                                                                                                                              				if (_t57[1] != 0x3a) goto 0x8ec7e9ef;
                                                                                                                                                              				_t41 =  >  ?  *_t57 & 0x0000ffff : _t59 - 0x20;
                                                                                                                                                              				_t42 = ( >  ?  *_t57 & 0x0000ffff : _t59 - 0x20) - 0x40;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t55, _t57);
                                                                                                                                                              				_t26 = ( >  ?  *_t57 & 0x0000ffff : _t59 - 0x20) - 0x40;
                                                                                                                                                              				return E00007FF77FF78EC6A040(( >  ?  *_t57 & 0x0000ffff : _t59 - 0x20) - 0x40,  *_t57 & 0x0000ffff, _v24 ^ _t67 - 0x00000240);
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                              • String ID: :
                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                              • Opcode ID: 9769e6ca8fb2a8de9264a6bf9dfaf679a4c219dd4368c191bd7920ad95472fbf
                                                                                                                                                              • Instruction ID: fbea40fef6953d7904da8c200e734f53f283e0e8fcd8969cdd30329ab7e2d03c
                                                                                                                                                              • Opcode Fuzzy Hash: 9769e6ca8fb2a8de9264a6bf9dfaf679a4c219dd4368c191bd7920ad95472fbf
                                                                                                                                                              • Instruction Fuzzy Hash: A621E433E1868185FB64AF59D8442AEB3B1FB84B44FE58139DA8D03285DF7CE945C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                              • String ID: csm
                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                              • Opcode ID: ed93e57f905e8d2c307eff59956c4c6cc3209cab66e14db4cfb89e499c7c97d1
                                                                                                                                                              • Instruction ID: bf241f30933d89ebe4ae0d0937122651dfa577613badf6141820811fa774733a
                                                                                                                                                              • Opcode Fuzzy Hash: ed93e57f905e8d2c307eff59956c4c6cc3209cab66e14db4cfb89e499c7c97d1
                                                                                                                                                              • Instruction Fuzzy Hash: 24114F32A08B4182EB509F55E54026AB7A1FB88B94F684235EE8C07B65DF3CD551C700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E00007FF77FF78EC7F3FC(void* __ecx) {
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				short _v18;
                                                                                                                                                              				intOrPtr _v22;
                                                                                                                                                              				short _v24;
                                                                                                                                                              				void* _t20;
                                                                                                                                                              				signed long long _t26;
                                                                                                                                                              				signed long long _t27;
                                                                                                                                                              				signed long long _t32;
                                                                                                                                                              
                                                                                                                                                              				_t20 = __ecx;
                                                                                                                                                              				_t26 =  *0x8ec9d000; // 0xa1f108556e84
                                                                                                                                                              				_t27 = _t26 ^ _t32;
                                                                                                                                                              				_v16 = _t27;
                                                                                                                                                              				if (__ecx - 0x1a <= 0) goto 0x8ec7f435;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t27);
                                                                                                                                                              				 *_t27 = 0xf;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t27);
                                                                                                                                                              				 *_t27 = 0xd;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec7f469;
                                                                                                                                                              				if (_t20 != 0) goto 0x8ec7f440;
                                                                                                                                                              				goto 0x8ec7f469;
                                                                                                                                                              				_v22 = 0x5c003a;
                                                                                                                                                              				_v24 = _t20 + 0x40;
                                                                                                                                                              				_v18 = 0;
                                                                                                                                                              				return E00007FF77FF78EC6A040(0 | GetDriveTypeW(??) - 0x00000002 >= 0x00000000, _t20 + 0x40, _v16 ^ _t32);
                                                                                                                                                              			}












                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.386496992.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.386457703.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386563821.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386617077.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386654688.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000000.00000002.386697156.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: :
                                                                                                                                                              • API String ID: 3215553584-336475711
                                                                                                                                                              • Opcode ID: af30997fc9b2bda5339abb9cf150afc1d24e6460e7359128a80d95a47095e053
                                                                                                                                                              • Instruction ID: dea0907e7b69f9723483b77f2b4d3463ac65f02498023d8da9ebc2f6914bc7b6
                                                                                                                                                              • Opcode Fuzzy Hash: af30997fc9b2bda5339abb9cf150afc1d24e6460e7359128a80d95a47095e053
                                                                                                                                                              • Instruction Fuzzy Hash: 9A01AD22E1C24686F730BFA4E89227EA3A0FF48744FE00435E95E46691DF3CE144CA24
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:5.7%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                              Total number of Nodes:1027
                                                                                                                                                              Total number of Limit Nodes:27
28712->28709 28712->28711 28713 7ff78ec613de 28712->28713 28795 7ff78ec61c10 86 API calls 28713->28795 28715->28456 28717 7ff78ec61b30 49 API calls 28716->28717 28718 7ff78ec62e70 28717->28718 28718->28630 28720 7ff78ec62d5a 28719->28720 28721 7ff78ec66d10 88 API calls 28720->28721 28722 7ff78ec62d82 28721->28722 28723 7ff78ec6a040 _wfindfirst32i64 8 API calls 28722->28723 28724 7ff78ec62daa 28723->28724 28724->28625 28725 7ff78ec66270 28724->28725 28726 7ff78ec66d10 88 API calls 28725->28726 28727 7ff78ec66287 LoadLibraryW 28726->28727 28728 7ff78ec662a4 __std_exception_copy 28727->28728 28728->28625 28729->28629 28730->28629 28739 7ff78ec63c1a 28731->28739 28732 7ff78ec63dd1 28733 7ff78ec6a040 _wfindfirst32i64 8 API calls 28732->28733 28734 7ff78ec63df0 28733->28734 28758 7ff78ec66f10 88 API calls __std_exception_copy 28734->28758 28736 7ff78ec63d33 28736->28732 28761 7ff78ec79634 28736->28761 28739->28732 28739->28736 28741 7ff78ec63e09 28739->28741 28759 7ff78ec754e0 47 API calls 28739->28759 28760 7ff78ec61780 86 API calls 28739->28760 28743 7ff78ec61c50 86 API calls 28741->28743 28743->28732 28744 7ff78ec63d56 28745 7ff78ec79634 _fread_nolock 37 API calls 28744->28745 28746 7ff78ec63d68 28745->28746 28768 7ff78ec755ec 39 API calls 3 library calls 28746->28768 28748 7ff78ec63d74 28769 7ff78ec75b54 73 API calls 28748->28769 28750 7ff78ec63d86 28770 7ff78ec75b54 73 API calls 28750->28770 28752 7ff78ec63d98 28753 7ff78ec74d20 71 API calls 28752->28753 28754 7ff78ec63da9 28753->28754 28755 7ff78ec74d20 71 API calls 28754->28755 28756 7ff78ec63dbd 28755->28756 28757 7ff78ec74d20 71 API calls 28756->28757 28757->28732 28758->28673 28759->28739 28760->28739 28762 7ff78ec7963d 28761->28762 28763 7ff78ec63d4a 28761->28763 28771 7ff78ec75e08 11 API calls _get_daylight 28762->28771 28767 7ff78ec755ec 39 API calls 3 library calls 28763->28767 28765 7ff78ec79642 28772 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 28765->28772 28767->28744 28768->28748 28769->28750 
28770->28752 28771->28765 28773->28680 28774->28687 28776 7ff78ec610a6 28775->28776 28777 7ff78ec610ad 28776->28777 28778 7ff78ec610d3 28776->28778 28779 7ff78ec61c50 86 API calls 28777->28779 28781 7ff78ec610ed 28778->28781 28782 7ff78ec61109 28778->28782 28780 7ff78ec610c0 28779->28780 28780->28711 28796 7ff78ec61c10 86 API calls 28781->28796 28784 7ff78ec6111b 28782->28784 28791 7ff78ec61137 memcpy_s 28782->28791 28797 7ff78ec61c10 86 API calls 28784->28797 28786 7ff78ec6e878 _fread_nolock 53 API calls 28786->28791 28787 7ff78ec61104 __std_exception_copy 28787->28711 28788 7ff78ec611fe 28789 7ff78ec61c50 86 API calls 28788->28789 28789->28787 28791->28786 28791->28787 28791->28788 28792 7ff78ec6e5ec 37 API calls 28791->28792 28798 7ff78ec6ef84 76 API calls 28791->28798 28792->28791 28793->28702 28794->28711 28795->28711 28796->28787 28797->28787 28798->28791 28800 7ff78ec61dd6 28799->28800 28801 7ff78ec61b30 49 API calls 28800->28801 28803 7ff78ec61e0b 28801->28803 28802 7ff78ec621f9 28803->28802 28804 7ff78ec62c30 49 API calls 28803->28804 28805 7ff78ec61e87 28804->28805 28856 7ff78ec62210 28805->28856 28808 7ff78ec61f17 28864 7ff78ec65840 127 API calls 28808->28864 28809 7ff78ec62210 75 API calls 28811 7ff78ec61f13 28809->28811 28811->28808 28813 7ff78ec61f85 28811->28813 28812 7ff78ec61f1f 28814 7ff78ec61f3c 28812->28814 28865 7ff78ec65720 134 API calls 2 library calls 28812->28865 28815 7ff78ec62210 75 API calls 28813->28815 28817 7ff78ec61c50 86 API calls 28814->28817 28819 7ff78ec61f56 28814->28819 28818 7ff78ec61fae 28815->28818 28817->28819 28820 7ff78ec62008 28818->28820 28821 7ff78ec62210 75 API calls 28818->28821 28823 7ff78ec6a040 _wfindfirst32i64 8 API calls 28819->28823 28820->28814 28866 7ff78ec65840 127 API calls 28820->28866 28824 7ff78ec61fdb 28821->28824 28825 7ff78ec61f7a 28823->28825 28824->28820 28826 7ff78ec62210 75 API calls 28824->28826 28825->28466 28826->28820 28827 7ff78ec62018 28827->28814 28828 7ff78ec61af0 86 API calls 28827->28828 
28830 7ff78ec62136 28827->28830 28829 7ff78ec6206f 28828->28829 28829->28814 28831 7ff78ec61b30 49 API calls 28829->28831 28830->28814 28844 7ff78ec6214e 28830->28844 28832 7ff78ec62097 28831->28832 28833 7ff78ec621d2 28832->28833 28835 7ff78ec61b30 49 API calls 28832->28835 28834 7ff78ec61c50 86 API calls 28833->28834 28837 7ff78ec62131 28834->28837 28836 7ff78ec620c4 28835->28836 28836->28833 28839 7ff78ec61b30 49 API calls 28836->28839 28871 7ff78ec61ab0 74 API calls __std_exception_copy 28837->28871 28840 7ff78ec620f1 28839->28840 28840->28833 28843 7ff78ec620fc 28840->28843 28845 7ff78ec617b0 121 API calls 28843->28845 28844->28819 28846 7ff78ec621b4 28844->28846 28868 7ff78ec61440 158 API calls 2 library calls 28844->28868 28869 7ff78ec61780 86 API calls 28844->28869 28847 7ff78ec62113 28845->28847 28848 7ff78ec61c50 86 API calls 28846->28848 28847->28844 28849 7ff78ec62117 28847->28849 28850 7ff78ec621c5 28848->28850 28867 7ff78ec61c10 86 API calls 28849->28867 28870 7ff78ec61ab0 74 API calls __std_exception_copy 28850->28870 28853->28466 28854->28460 28855->28466 28857 7ff78ec62244 28856->28857 28872 7ff78ec73a20 28857->28872 28860 7ff78ec6227b 28862 7ff78ec6a040 _wfindfirst32i64 8 API calls 28860->28862 28863 7ff78ec61ec6 28862->28863 28863->28808 28863->28809 28864->28812 28865->28814 28866->28827 28867->28837 28868->28844 28869->28844 28870->28819 28871->28814 28873 7ff78ec73a7a 28872->28873 28874 7ff78ec73a9f 28873->28874 28875 7ff78ec73adb 28873->28875 28907 7ff78ec7a180 37 API calls 2 library calls 28874->28907 28908 7ff78ec714e8 49 API calls _invalid_parameter_noinfo 28875->28908 28878 7ff78ec73ac9 28881 7ff78ec6a040 _wfindfirst32i64 8 API calls 28878->28881 28879 7ff78ec73bb8 28880 7ff78ec7a2b8 __free_lconv_mon 11 API calls 28879->28880 28880->28878 28883 7ff78ec6226a 28881->28883 28882 7ff78ec73b72 28882->28879 28884 7ff78ec73b8d 28882->28884 28885 7ff78ec73bdc 28882->28885 28886 7ff78ec73b84 28882->28886 28883->28860 28890 7ff78ec74c14 
28883->28890 28888 7ff78ec7a2b8 __free_lconv_mon 11 API calls 28884->28888 28885->28879 28887 7ff78ec73be6 28885->28887 28886->28879 28886->28884 28889 7ff78ec7a2b8 __free_lconv_mon 11 API calls 28887->28889 28888->28878 28889->28878 28891 7ff78ec74c3d 28890->28891 28892 7ff78ec74c31 28890->28892 28934 7ff78ec74824 45 API calls __GetCurrentState 28891->28934 28909 7ff78ec74488 28892->28909 28895 7ff78ec74c65 28899 7ff78ec74c75 28895->28899 28935 7ff78ec7e4d8 5 API calls __crtLCMapStringW 28895->28935 28898 7ff78ec74ccd 28900 7ff78ec74ce5 28898->28900 28901 7ff78ec74cd1 28898->28901 28936 7ff78ec7430c 14 API calls 3 library calls 28899->28936 28903 7ff78ec74488 69 API calls 28900->28903 28902 7ff78ec74c36 28901->28902 28904 7ff78ec7a2b8 __free_lconv_mon 11 API calls 28901->28904 28902->28860 28905 7ff78ec74cf1 28903->28905 28904->28902 28905->28902 28906 7ff78ec7a2b8 __free_lconv_mon 11 API calls 28905->28906 28906->28902 28907->28878 28908->28882 28910 7ff78ec744a2 28909->28910 28911 7ff78ec744bf 28909->28911 28963 7ff78ec75de8 11 API calls _get_daylight 28910->28963 28911->28910 28913 7ff78ec744d2 CreateFileW 28911->28913 28915 7ff78ec7453c 28913->28915 28916 7ff78ec74506 28913->28916 28914 7ff78ec744a7 28964 7ff78ec75e08 11 API calls _get_daylight 28914->28964 28966 7ff78ec74b04 46 API calls 3 library calls 28915->28966 28937 7ff78ec745dc GetFileType 28916->28937 28920 7ff78ec74541 28923 7ff78ec74545 28920->28923 28924 7ff78ec74570 28920->28924 28921 7ff78ec744af 28965 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 28921->28965 28967 7ff78ec75d7c 11 API calls 2 library calls 28923->28967 28968 7ff78ec748c0 28924->28968 28926 7ff78ec7451b CloseHandle 28928 7ff78ec744ba 28926->28928 28927 7ff78ec74531 CloseHandle 28927->28928 28928->28902 28933 7ff78ec7454f 28933->28928 28934->28895 28935->28899 28936->28898 28938 7ff78ec7462a 28937->28938 28939 7ff78ec746e7 28937->28939 28942 7ff78ec74656 GetFileInformationByHandle 28938->28942 28986 7ff78ec749fc 21 API calls 
_fread_nolock 28938->28986 28940 7ff78ec74711 28939->28940 28941 7ff78ec746ef 28939->28941 28946 7ff78ec74734 PeekNamedPipe 28940->28946 28952 7ff78ec746d2 28940->28952 28943 7ff78ec746f3 28941->28943 28944 7ff78ec74702 GetLastError 28941->28944 28942->28944 28945 7ff78ec7467f 28942->28945 28988 7ff78ec75e08 11 API calls _get_daylight 28943->28988 28989 7ff78ec75d7c 11 API calls 2 library calls 28944->28989 28950 7ff78ec748c0 51 API calls 28945->28950 28946->28952 28948 7ff78ec74644 28948->28942 28948->28952 28953 7ff78ec7468a 28950->28953 28954 7ff78ec6a040 _wfindfirst32i64 8 API calls 28952->28954 28979 7ff78ec74784 28953->28979 28955 7ff78ec74514 28954->28955 28955->28926 28955->28927 28958 7ff78ec74784 10 API calls 28959 7ff78ec746a9 28958->28959 28960 7ff78ec74784 10 API calls 28959->28960 28961 7ff78ec746ba 28960->28961 28961->28952 28987 7ff78ec75e08 11 API calls _get_daylight 28961->28987 28963->28914 28964->28921 28966->28920 28967->28933 28970 7ff78ec748e8 28968->28970 28969 7ff78ec7457d 28978 7ff78ec749fc 21 API calls _fread_nolock 28969->28978 28970->28969 28990 7ff78ec7ea94 51 API calls 2 library calls 28970->28990 28972 7ff78ec7497c 28972->28969 28991 7ff78ec7ea94 51 API calls 2 library calls 28972->28991 28974 7ff78ec7498f 28974->28969 28992 7ff78ec7ea94 51 API calls 2 library calls 28974->28992 28976 7ff78ec749a2 28976->28969 28993 7ff78ec7ea94 51 API calls 2 library calls 28976->28993 28978->28933 28980 7ff78ec747ad FileTimeToSystemTime 28979->28980 28981 7ff78ec747a0 28979->28981 28982 7ff78ec747c1 SystemTimeToTzSpecificLocalTime 28980->28982 28983 7ff78ec747a8 28980->28983 28981->28980 28981->28983 28982->28983 28984 7ff78ec6a040 _wfindfirst32i64 8 API calls 28983->28984 28985 7ff78ec74699 28984->28985 28985->28958 28986->28948 28987->28952 28988->28952 28989->28952 28990->28972 28991->28974 28992->28976 28993->28969 28995 7ff78ec61bb6 28994->28995 29008 7ff78ec738fc 28995->29008 28997 7ff78ec61bcc 28998 7ff78ec61d00 28997->28998 28999 
7ff78ec61d10 28998->28999 29000 7ff78ec73a20 49 API calls 28999->29000 29001 7ff78ec61d58 29000->29001 29024 7ff78ec66b50 MultiByteToWideChar 29001->29024 29003 7ff78ec61d70 29004 7ff78ec61b90 78 API calls 29003->29004 29005 7ff78ec61d9e 29004->29005 29006 7ff78ec6a040 _wfindfirst32i64 8 API calls 29005->29006 29007 7ff78ec61c9b 29006->29007 29007->28169 29009 7ff78ec73926 29008->29009 29010 7ff78ec7395e 29009->29010 29012 7ff78ec73991 29009->29012 29022 7ff78ec7a180 37 API calls 2 library calls 29010->29022 29015 7ff78ec6f028 29012->29015 29014 7ff78ec73987 29014->28997 29023 7ff78ec7412c EnterCriticalSection 29015->29023 29017 7ff78ec6f045 29018 7ff78ec70eb4 76 API calls 29017->29018 29019 7ff78ec6f04e 29018->29019 29020 7ff78ec74138 _fread_nolock LeaveCriticalSection 29019->29020 29021 7ff78ec6f058 29020->29021 29021->29014 29022->29014 29025 7ff78ec66b99 29024->29025 29026 7ff78ec66bb3 29024->29026 29039 7ff78ec61cb0 86 API calls 29025->29039 29028 7ff78ec66bc9 29026->29028 29029 7ff78ec66be3 MultiByteToWideChar 29026->29029 29040 7ff78ec61cb0 86 API calls 29028->29040 29031 7ff78ec66c06 29029->29031 29032 7ff78ec66c20 WideCharToMultiByte 29029->29032 29041 7ff78ec61cb0 86 API calls 29031->29041 29033 7ff78ec66c56 29032->29033 29036 7ff78ec66c4d 29032->29036 29035 7ff78ec66c7b WideCharToMultiByte 29033->29035 29033->29036 29035->29036 29038 7ff78ec66bac __std_exception_copy 29035->29038 29042 7ff78ec61cb0 86 API calls 29036->29042 29038->29003 29039->29038 29040->29038 29041->29038 29042->29038 29043->28481 29046 7ff78ec7520c 29045->29046 29047 7ff78ec75232 29046->29047 29050 7ff78ec75265 29046->29050 29076 7ff78ec75e08 11 API calls _get_daylight 29047->29076 29049 7ff78ec75237 29077 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 29049->29077 29052 7ff78ec7526b 29050->29052 29053 7ff78ec75278 29050->29053 29078 7ff78ec75e08 11 API calls _get_daylight 29052->29078 29064 7ff78ec7a598 29053->29064 29055 7ff78ec62e19 29055->28492 29058 7ff78ec7528c 29079 
7ff78ec75e08 11 API calls _get_daylight 29058->29079 29059 7ff78ec75299 29071 7ff78ec7f858 29059->29071 29062 7ff78ec752ac 29080 7ff78ec74138 LeaveCriticalSection 29062->29080 29081 7ff78ec7fb48 EnterCriticalSection 29064->29081 29066 7ff78ec7a5af 29067 7ff78ec7a60c 19 API calls 29066->29067 29068 7ff78ec7a5ba 29067->29068 29069 7ff78ec7fba8 _isindst LeaveCriticalSection 29068->29069 29070 7ff78ec75282 29069->29070 29070->29058 29070->29059 29082 7ff78ec7f554 29071->29082 29075 7ff78ec7f8b2 29075->29062 29076->29049 29078->29055 29079->29055 29083 7ff78ec7f58f __vcrt_FlsAlloc 29082->29083 29084 7ff78ec7f756 29083->29084 29097 7ff78ec85418 51 API calls 3 library calls 29083->29097 29088 7ff78ec7f75f 29084->29088 29100 7ff78ec75e08 11 API calls _get_daylight 29084->29100 29086 7ff78ec7f82d 29101 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 29086->29101 29088->29075 29094 7ff78ec860f8 29088->29094 29090 7ff78ec7f7c1 29090->29084 29098 7ff78ec85418 51 API calls 3 library calls 29090->29098 29092 7ff78ec7f7e0 29092->29084 29099 7ff78ec85418 51 API calls 3 library calls 29092->29099 29102 7ff78ec856fc 29094->29102 29097->29090 29098->29092 29099->29084 29100->29086 29103 7ff78ec85713 29102->29103 29104 7ff78ec85731 29102->29104 29156 7ff78ec75e08 11 API calls _get_daylight 29103->29156 29104->29103 29107 7ff78ec8574d 29104->29107 29106 7ff78ec85718 29157 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 29106->29157 29113 7ff78ec85d08 29107->29113 29111 7ff78ec85724 29111->29075 29159 7ff78ec85a38 29113->29159 29116 7ff78ec85d7d 29190 7ff78ec75de8 11 API calls _get_daylight 29116->29190 29117 7ff78ec85d95 29178 7ff78ec76be0 29117->29178 29129 7ff78ec85778 29129->29111 29158 7ff78ec76bb8 LeaveCriticalSection 29129->29158 29136 7ff78ec85d82 29191 7ff78ec75e08 11 API calls _get_daylight 29136->29191 29156->29106 29160 7ff78ec85a64 29159->29160 29168 7ff78ec85a7e 29159->29168 29160->29168 29203 7ff78ec75e08 11 API calls _get_daylight 29160->29203 29162 7ff78ec85a73 
29204 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 29162->29204 29164 7ff78ec85b52 29176 7ff78ec85bae 29164->29176 29209 7ff78ec7557c 37 API calls 2 library calls 29164->29209 29165 7ff78ec85afe 29165->29164 29207 7ff78ec75e08 11 API calls _get_daylight 29165->29207 29168->29165 29205 7ff78ec75e08 11 API calls _get_daylight 29168->29205 29169 7ff78ec85baa 29174 7ff78ec7a270 _wfindfirst32i64 17 API calls 29169->29174 29169->29176 29170 7ff78ec85b47 29208 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 29170->29208 29173 7ff78ec85af3 29206 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 29173->29206 29177 7ff78ec85c41 29174->29177 29176->29116 29176->29117 29210 7ff78ec7fb48 EnterCriticalSection 29178->29210 29190->29136 29191->29129 29203->29162 29205->29173 29207->29170 29209->29169 29212 7ff78ec77e14 29211->29212 29215 7ff78ec778f8 29212->29215 29214 7ff78ec77e2d 29214->28502 29216 7ff78ec77913 29215->29216 29217 7ff78ec77942 29215->29217 29226 7ff78ec7a180 37 API calls 2 library calls 29216->29226 29225 7ff78ec7412c EnterCriticalSection 29217->29225 29220 7ff78ec77947 29222 7ff78ec77964 38 API calls 29220->29222 29221 7ff78ec77933 29221->29214 29223 7ff78ec77953 29222->29223 29224 7ff78ec74138 _fread_nolock LeaveCriticalSection 29223->29224 29224->29221 29226->29221 29228 7ff78ec6e323 29227->29228 29229 7ff78ec6e351 29227->29229 29238 7ff78ec7a180 37 API calls 2 library calls 29228->29238 29231 7ff78ec6e343 29229->29231 29237 7ff78ec7412c EnterCriticalSection 29229->29237 29231->28506 29233 7ff78ec6e367 29234 7ff78ec6e384 72 API calls 29233->29234 29235 7ff78ec6e373 29234->29235 29236 7ff78ec74138 _fread_nolock LeaveCriticalSection 29235->29236 29236->29231 29238->29231 29239 7ff78ec7ecc0 29240 7ff78ec7eea8 29239->29240 29242 7ff78ec7ed03 _isindst 29239->29242 29285 7ff78ec75e08 11 API calls _get_daylight 29240->29285 29242->29240 29245 7ff78ec7ed7f _isindst 29242->29245 29243 7ff78ec6a040 _wfindfirst32i64 8 API calls 29244 7ff78ec7eec3 
29243->29244 29260 7ff78ec8535c 29245->29260 29250 7ff78ec7eed4 29251 7ff78ec7a270 _wfindfirst32i64 17 API calls 29250->29251 29253 7ff78ec7eee8 29251->29253 29257 7ff78ec7ee9a 29257->29243 29258 7ff78ec7eddc 29258->29257 29284 7ff78ec8539c 37 API calls _isindst 29258->29284 29261 7ff78ec8536a 29260->29261 29262 7ff78ec7ed9d 29260->29262 29286 7ff78ec7fb48 EnterCriticalSection 29261->29286 29266 7ff78ec84768 29262->29266 29264 7ff78ec85372 29264->29262 29265 7ff78ec851cc 55 API calls 29264->29265 29265->29262 29267 7ff78ec84771 29266->29267 29271 7ff78ec7edb2 29266->29271 29287 7ff78ec75e08 11 API calls _get_daylight 29267->29287 29269 7ff78ec84776 29288 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 29269->29288 29271->29250 29272 7ff78ec84798 29271->29272 29273 7ff78ec7edc3 29272->29273 29274 7ff78ec847a1 29272->29274 29273->29250 29278 7ff78ec847c8 29273->29278 29289 7ff78ec75e08 11 API calls _get_daylight 29274->29289 29276 7ff78ec847a6 29290 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 29276->29290 29279 7ff78ec7edd4 29278->29279 29280 7ff78ec847d1 29278->29280 29279->29250 29279->29258 29291 7ff78ec75e08 11 API calls _get_daylight 29280->29291 29282 7ff78ec847d6 29292 7ff78ec7a250 37 API calls _invalid_parameter_noinfo 29282->29292 29284->29257 29285->29257 29287->29269 29289->29276 29291->29282 29293 7ff78ec68c30 29294 7ff78ec68c53 29293->29294 29295 7ff78ec68c6f memcpy_s 29293->29295 29296 7ff78ec7cfa0 12 API calls 29294->29296 29296->29295

Control-flow Graph

• Executed
• Not Executed
C-Code - Quality: 100%
E00007FF77FF78EC84DC8(void* __ecx, void* __edx, void* __rax, signed short* __rcx, void* __rdx, char _a16, char _a24) {
    void* _t10;
    intOrPtr _t24;
    void* _t30;
    intOrPtr _t37;
    signed long long _t44;

    _t30 = __rax;
    E00007FF77FF78EC84760(E00007FF77FF78EC84758(_t10));
    r12d = 0;
    _a16 = r12d;
    _a24 = r12d;
    if (E00007FF77FF78EC847C8(_t30,  &_a16) != 0) goto 0x8ec8502d;
    if (E00007FF77FF78EC84768(__ecx, _t30,  &_a24, __rdx) != 0) goto 0x8ec8502d;
    _t37 =  *0x8ecad2b0; // 0x0
    _t24 = _t37;
    if (_t24 == 0) goto 0x8ec84e46;
    r8d =  *(__rcx + _t37 - __rcx) & 0x0000ffff;
    if (_t24 != 0) goto 0x8ec84e42;
    if (r8d != 0) goto 0x8ec84e2c;
    if (( *__rcx & 0x0000ffff) - r8d == 0) goto 0x8ec84e73;
    if (__rcx[(_t44 | 0xffffffff) + 1] != r12w) goto 0x8ec84e4d;
    E00007FF77FF78EC7CFA0(2 + ((_t44 | 0xffffffff) + 1) * 2);
    if ( &(__rcx[1]) != 0) goto 0x8ec84e82;
    return E00007FF77FF78EC7A2B8( &(__rcx[1]), 2 + ((_t44 | 0xffffffff) + 1) * 2);
}

                                                                                                                                                              APIs
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC84E0D
                                                                                                                                                                • Part of subcall function 00007FF78EC84768: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC8477C
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: HeapFree.KERNEL32(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2CE
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: GetLastError.KERNEL32(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2D8
                                                                                                                                                                • Part of subcall function 00007FF78EC7A270: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF78EC7A24E,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7A279
                                                                                                                                                                • Part of subcall function 00007FF78EC7A270: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF78EC7A24E,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7A29E
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC84DFC
                                                                                                                                                                • Part of subcall function 00007FF78EC847C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC847DC
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85072
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85083
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85094
                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF78EC852D4), ref: 00007FF78EC850BB
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                              • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                              • API String ID: 4070488512-1154798116
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                              			E00007FF77FF78EC7B3DC(void* __ebx, signed int __ecx, signed int* __rax, void* __rcx, long long __rdx, long long __r8, void* __r11) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				signed char _t127;
                                                                                                                                                              				signed int _t141;
                                                                                                                                                              				int _t150;
                                                                                                                                                              				void* _t151;
                                                                                                                                                              				void* _t155;
                                                                                                                                                              				char _t170;
                                                                                                                                                              				char _t171;
                                                                                                                                                              				signed int _t175;
                                                                                                                                                              				void* _t192;
                                                                                                                                                              				void* _t193;
                                                                                                                                                              				void* _t194;
                                                                                                                                                              				unsigned int _t196;
                                                                                                                                                              				void* _t199;
                                                                                                                                                              				long long _t204;
                                                                                                                                                              				signed int* _t240;
                                                                                                                                                              				signed long long _t247;
                                                                                                                                                              				signed short* _t251;
                                                                                                                                                              				signed int* _t253;
                                                                                                                                                              				void* _t254;
                                                                                                                                                              				signed int* _t255;
                                                                                                                                                              				void* _t257;
                                                                                                                                                              				intOrPtr _t265;
                                                                                                                                                              				intOrPtr _t266;
                                                                                                                                                              				signed long long _t272;
                                                                                                                                                              				void* _t274;
                                                                                                                                                              				void* _t281;
                                                                                                                                                              				void* _t284;
                                                                                                                                                              				void* _t285;
                                                                                                                                                              				long long _t287;
                                                                                                                                                              				unsigned long long _t288;
                                                                                                                                                              				signed short* _t290;
                                                                                                                                                              				signed long long _t293;
                                                                                                                                                              				signed long long _t294;
                                                                                                                                                              				signed short* _t298;
                                                                                                                                                              				signed short* _t300;
                                                                                                                                                              				void* _t301;
                                                                                                                                                              				void* _t302;
                                                                                                                                                              				void* _t305;
                                                                                                                                                              				void* _t307;
                                                                                                                                                              				signed long long _t308;
                                                                                                                                                              				void* _t310;
                                                                                                                                                              				signed int* _t312;
                                                                                                                                                              				char* _t313;
                                                                                                                                                              				char* _t314;
                                                                                                                                                              
                                                                                                                                                              				_t301 = __r11;
                                                                                                                                                              				_t287 = __r8;
                                                                                                                                                              				_t257 = __rcx;
                                                                                                                                                              				 *((long long*)(_t284 + 0x10)) = __rdx;
                                                                                                                                                              				_t285 = _t284 - 0x60;
                                                                                                                                                              				r13d = r8d;
                                                                                                                                                              				if (r12d != 0xfffffffe) goto 0x8ec7b417;
                                                                                                                                                              				E00007FF77FF78EC75DE8(__rax);
                                                                                                                                                              				 *__rax =  *__rax & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 9;
                                                                                                                                                              				goto 0x8ec7b813;
                                                                                                                                                              				if (__ecx < 0) goto 0x8ec7b7fb;
                                                                                                                                                              				_t199 = r12d -  *0x8ecace50; // 0x40
                                                                                                                                                              				if (_t199 >= 0) goto 0x8ec7b7fb;
                                                                                                                                                              				r8d = 1;
                                                                                                                                                              				 *((long long*)(_t285 + 0x48)) = __r8;
                                                                                                                                                              				_t293 = __ecx >> 6;
                                                                                                                                                              				 *(_t285 + 0x40) = _t293;
                                                                                                                                                              				_t308 = __ecx + __ecx * 8;
                                                                                                                                                              				_t265 =  *((intOrPtr*)(0x8ecaca50 + _t293 * 8));
                                                                                                                                                              				if ((r8b &  *(_t265 + 0x38 + _t308 * 8)) == 0) goto 0x8ec7b7fb;
                                                                                                                                                              				if (r13d - 0x7fffffff <= 0) goto 0x8ec7b487;
                                                                                                                                                              				E00007FF77FF78EC75DE8(__ecx);
                                                                                                                                                              				 *__ecx =  *__ecx & 0x00000000;
                                                                                                                                                              				_t127 = E00007FF77FF78EC75E08(__ecx);
                                                                                                                                                              				 *__ecx = 0x16;
                                                                                                                                                              				goto 0x8ec7b80e;
                                                                                                                                                              				if (r13d == 0) goto 0x8ec7b7f7;
                                                                                                                                                              				if ((_t127 & 0x00000002) != 0) goto 0x8ec7b7f7;
                                                                                                                                                              				_t204 = __rdx;
                                                                                                                                                              				if (_t204 == 0) goto 0x8ec7b46f;
                                                                                                                                                              				r11d =  *((char*)(_t265 + 0x39 + _t308 * 8));
                                                                                                                                                              				_t240 =  *((intOrPtr*)(_t265 + 0x28 + _t308 * 8));
                                                                                                                                                              				 *(_t285 + 0x38) = _t240;
                                                                                                                                                              				 *((intOrPtr*)(_t285 + 0xa0)) = r11b;
                                                                                                                                                              				_t23 = _t254 + 4; // 0x4
                                                                                                                                                              				r15d = _t23;
                                                                                                                                                              				if (_t204 == 0) goto 0x8ec7b4f6;
                                                                                                                                                              				if (r11d - r8d != r8d) goto 0x8ec7b4ee;
                                                                                                                                                              				if ((r8b &  !r13d) != 0) goto 0x8ec7b4ee;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t240);
                                                                                                                                                              				 *_t240 =  *_t240 & 0;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t240);
                                                                                                                                                              				 *_t240 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec7b685;
                                                                                                                                                              				goto 0x8ec7b575;
                                                                                                                                                              				if ((r8b &  !r13d) == 0) goto 0x8ec7b4d2;
                                                                                                                                                              				_t192 =  <  ? r15d : r13d >> 1;
                                                                                                                                                              				E00007FF77FF78EC7CFA0(_t257);
                                                                                                                                                              				_t255 = _t240;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t240, _t257);
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t240, _t257);
                                                                                                                                                              				_t312 = _t255;
                                                                                                                                                              				if (_t255 != 0) goto 0x8ec7b547;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t240);
                                                                                                                                                              				 *_t240 = 0xc;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t240);
                                                                                                                                                              				 *_t240 = 8;
                                                                                                                                                              				goto 0x8ec7b685;
                                                                                                                                                              				_t28 = _t265 + 1; // 0x1
                                                                                                                                                              				r8d = _t28;
                                                                                                                                                              				E00007FF77FF78EC7BC0C(_t240, _t255, 0x8ecaca50, _t310, _t307);
                                                                                                                                                              				_t294 =  *(_t285 + 0x40);
                                                                                                                                                              				r8d = 1;
                                                                                                                                                              				r11b =  *((intOrPtr*)(_t285 + 0xa0));
                                                                                                                                                              				 *( *((intOrPtr*)(0x8ecaca50 + _t294 * 8)) + 0x30 + _t308 * 8) = _t240;
                                                                                                                                                              				_t266 =  *((intOrPtr*)(0x8ecaca50 + _t294 * 8));
                                                                                                                                                              				 *(_t285 + 0x50) = _t312;
                                                                                                                                                              				r10d = 0x7ff78ecaca5a;
                                                                                                                                                              				if (( *(_t266 + 0x38 + _t308 * 8) & 0x00000048) == 0) goto 0x8ec7b60d;
                                                                                                                                                              				_t141 =  *((intOrPtr*)(_t266 + 0x3a + _t308 * 8));
                                                                                                                                                              				if (_t141 == r10b) goto 0x8ec7b60d;
                                                                                                                                                              				if (_t192 == 0) goto 0x8ec7b60d;
                                                                                                                                                              				 *_t312 = _t141;
                                                                                                                                                              				_t313 = _t312 + _t287;
                                                                                                                                                              				_t193 = _t192 - 1;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _t294 * 8)) + 0x3a + _t308 * 8)) = r10b;
                                                                                                                                                              				if (r11b == 0) goto 0x8ec7b60d;
                                                                                                                                                              				_t170 =  *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _t294 * 8)) + 0x3b + _t308 * 8));
                                                                                                                                                              				if (_t170 == r10b) goto 0x8ec7b60d;
                                                                                                                                                              				if (_t193 == 0) goto 0x8ec7b60d;
                                                                                                                                                              				 *_t313 = _t170;
                                                                                                                                                              				_t314 = _t313 + _t287;
                                                                                                                                                              				_t194 = _t193 - 1;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _t294 * 8)) + 0x3b + _t308 * 8)) = r10b;
                                                                                                                                                              				if (r11b != r8b) goto 0x8ec7b60d;
                                                                                                                                                              				_t171 =  *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _t294 * 8)) + 0x3c + _t308 * 8));
                                                                                                                                                              				if (_t171 == r10b) goto 0x8ec7b60d;
                                                                                                                                                              				if (_t194 == 0) goto 0x8ec7b60d;
                                                                                                                                                              				 *_t314 = _t171;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _t294 * 8)) + 0x3c + _t308 * 8)) = r10b;
                                                                                                                                                              				if (E00007FF77FF78EC82AB0(r12d,  *((intOrPtr*)(0x8ecaca50 + _t294 * 8)),  *((intOrPtr*)(0x8ecaca50 + _t294 * 8))) == 0) goto 0x8ec7b6a3;
                                                                                                                                                              				_t247 =  *((intOrPtr*)(0x8ecaca50 +  *(_t285 + 0x40) * 8));
                                                                                                                                                              				if ( *((char*)(_t247 + 0x38 + _t308 * 8)) >= 0) goto 0x8ec7b6a3;
                                                                                                                                                              				if (GetConsoleMode(_t305) == 0) goto 0x8ec7b6a3;
                                                                                                                                                              				if ( *((char*)(_t285 + 0xa0)) != 2) goto 0x8ec7b6a8;
                                                                                                                                                              				 *(_t285 + 0x20) =  *(_t285 + 0x20) & 0x00000000;
                                                                                                                                                              				_t196 = _t194 - 1 >> 1;
                                                                                                                                                              				r8d = _t196;
                                                                                                                                                              				if (ReadConsoleW(??, ??, ??, ??, ??) != 0) goto 0x8ec7b697;
                                                                                                                                                              				GetLastError();
                                                                                                                                                              				E00007FF77FF78EC75D7C(_t247,  *(_t285 + 0x38));
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t247, _t255);
                                                                                                                                                              				goto 0x8ec7b816;
                                                                                                                                                              				goto 0x8ec7b6e4;
                                                                                                                                                              				 *((char*)(_t285 + 0x48)) = 0;
                                                                                                                                                              				 *(_t285 + 0x20) =  *(_t285 + 0x20) & 0x00000000;
                                                                                                                                                              				r8d = _t196;
                                                                                                                                                              				_t150 = ReadFile(??, ??, ??, ??, ??); // executed
                                                                                                                                                              				if (_t150 == 0) goto 0x8ec7b7c1;
                                                                                                                                                              				if ( *((intOrPtr*)(_t285 + 0xb8)) - r13d > 0) goto 0x8ec7b7c1;
                                                                                                                                                              				if ( *((char*)( *((intOrPtr*)(0x8ecaca50 +  *(_t285 + 0x40) * 8)) + 0x38 + _t308 * 8)) >= 0) goto 0x8ec7b688;
                                                                                                                                                              				_t288 = 0x8ecaca50 + _t247 * 2 +  *((intOrPtr*)(_t285 + 0xb8));
                                                                                                                                                              				if ( *((char*)(_t285 + 0xa0)) == 2) goto 0x8ec7b72f;
                                                                                                                                                              				_t272 = _t314 + _t287;
                                                                                                                                                              				 *(_t285 + 0x20) = _t305 >> 1;
                                                                                                                                                              				_t151 = E00007FF77FF78EC7AFEC(0, r12d, _t255, _t272, _t288,  *((intOrPtr*)(_t285 + 0xa8)), _t302, _t274);
                                                                                                                                                              				goto 0x8ec7b688;
                                                                                                                                                              				if ( *((char*)(_t285 + 0x48)) == 0) goto 0x8ec7b7af;
                                                                                                                                                              				_t300 =  *(_t285 + 0x50);
                                                                                                                                                              				_t251 = _t300;
                                                                                                                                                              				_t298 =  &(_t300[_t288 >> 1]);
                                                                                                                                                              				if (_t300 - _t298 >= 0) goto 0x8ec7b7a2;
                                                                                                                                                              				r11d = 0xa;
                                                                                                                                                              				_t175 =  *_t251 & 0x0000ffff;
                                                                                                                                                              				if (_t175 == 0x1a) goto 0x8ec7b797;
                                                                                                                                                              				if (_t175 != 0xd) goto 0x8ec7b77d;
                                                                                                                                                              				_t290 =  &(_t251[1]);
                                                                                                                                                              				if (_t290 - _t298 >= 0) goto 0x8ec7b77d;
                                                                                                                                                              				if ( *_t290 != r11w) goto 0x8ec7b77d;
                                                                                                                                                              				r8d = 4;
                                                                                                                                                              				goto 0x8ec7b783;
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				 *_t300 = r11w & 0xffffffff;
                                                                                                                                                              				if (_t251 + _t290 - _t298 < 0) goto 0x8ec7b753;
                                                                                                                                                              				goto 0x8ec7b7a2;
                                                                                                                                                              				_t253 =  *((intOrPtr*)(0x8ecaca50 + _t272 * 8));
                                                                                                                                                              				 *(_t253 + 0x38 + _t308 * 8) =  *(_t253 + 0x38 + _t308 * 8) | 0x00000002;
                                                                                                                                                              				goto 0x8ec7b688;
                                                                                                                                                              				E00007FF77FF78EC7AE14(_t151, r12d, _t251 + _t290 - _t298,  *(_t285 + 0x50),  &(_t300[1]), _t301, _t281, _t254);
                                                                                                                                                              				goto 0x8ec7b728;
                                                                                                                                                              				if (GetLastError() != 5) goto 0x8ec7b7e7;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t253);
                                                                                                                                                              				 *_t253 = 9;
                                                                                                                                                              				_t155 = E00007FF77FF78EC75DE8(_t253);
                                                                                                                                                              				 *_t253 = 5;
                                                                                                                                                              				goto 0x8ec7b685;
                                                                                                                                                              				if (_t155 != 0x6d) goto 0x8ec7b67e;
                                                                                                                                                              				goto 0x8ec7b688;
                                                                                                                                                              				goto 0x8ec7b816;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t253);
                                                                                                                                                              				 *_t253 =  *_t253 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t253);
                                                                                                                                                              				 *_t253 = 9;
                                                                                                                                                              				return E00007FF77FF78EC7A250() | 0xffffffff;
                                                                                                                                                              			}
                                                                                                                                                              0x7ff78ec7b5c6
                                                                                                                                                              0x7ff78ec7b5ca
                                                                                                                                                              0x7ff78ec7b5cc
                                                                                                                                                              0x7ff78ec7b5d7
                                                                                                                                                              0x7ff78ec7b5da
                                                                                                                                                              0x7ff78ec7b5dc
                                                                                                                                                              0x7ff78ec7b5e4
                                                                                                                                                              0x7ff78ec7b5ea
                                                                                                                                                              0x7ff78ec7b5f2
                                                                                                                                                              0x7ff78ec7b5f6
                                                                                                                                                              0x7ff78ec7b5f8
                                                                                                                                                              0x7ff78ec7b608
                                                                                                                                                              0x7ff78ec7b617
                                                                                                                                                              0x7ff78ec7b629
                                                                                                                                                              0x7ff78ec7b633
                                                                                                                                                              0x7ff78ec7b647
                                                                                                                                                              0x7ff78ec7b651
                                                                                                                                                              0x7ff78ec7b660
                                                                                                                                                              0x7ff78ec7b669
                                                                                                                                                              0x7ff78ec7b66b
                                                                                                                                                              0x7ff78ec7b676
                                                                                                                                                              0x7ff78ec7b678
                                                                                                                                                              0x7ff78ec7b680
                                                                                                                                                              0x7ff78ec7b68b
                                                                                                                                                              0x7ff78ec7b692
                                                                                                                                                              0x7ff78ec7b6a1
                                                                                                                                                              0x7ff78ec7b6a3
                                                                                                                                                              0x7ff78ec7b6b5
                                                                                                                                                              0x7ff78ec7b6bb
                                                                                                                                                              0x7ff78ec7b6c1
                                                                                                                                                              0x7ff78ec7b6c9
                                                                                                                                                              0x7ff78ec7b6d7
                                                                                                                                                              0x7ff78ec7b6fb
                                                                                                                                                              0x7ff78ec7b705
                                                                                                                                                              0x7ff78ec7b708
                                                                                                                                                              0x7ff78ec7b718
                                                                                                                                                              0x7ff78ec7b71e
                                                                                                                                                              0x7ff78ec7b723
                                                                                                                                                              0x7ff78ec7b72a
                                                                                                                                                              0x7ff78ec7b737
                                                                                                                                                              0x7ff78ec7b739
                                                                                                                                                              0x7ff78ec7b73e
                                                                                                                                                              0x7ff78ec7b744
                                                                                                                                                              0x7ff78ec7b74b
                                                                                                                                                              0x7ff78ec7b74d
                                                                                                                                                              0x7ff78ec7b753
                                                                                                                                                              0x7ff78ec7b75a
                                                                                                                                                              0x7ff78ec7b760
                                                                                                                                                              0x7ff78ec7b762
                                                                                                                                                              0x7ff78ec7b769
                                                                                                                                                              0x7ff78ec7b76f
                                                                                                                                                              0x7ff78ec7b775
                                                                                                                                                              0x7ff78ec7b77b
                                                                                                                                                              0x7ff78ec7b77d
                                                                                                                                                              0x7ff78ec7b786
                                                                                                                                                              0x7ff78ec7b793
                                                                                                                                                              0x7ff78ec7b795
                                                                                                                                                              0x7ff78ec7b797
                                                                                                                                                              0x7ff78ec7b79c
                                                                                                                                                              0x7ff78ec7b7aa
                                                                                                                                                              0x7ff78ec7b7b7
                                                                                                                                                              0x7ff78ec7b7bc
                                                                                                                                                              0x7ff78ec7b7ca
                                                                                                                                                              0x7ff78ec7b7cc
                                                                                                                                                              0x7ff78ec7b7d1
                                                                                                                                                              0x7ff78ec7b7d7
                                                                                                                                                              0x7ff78ec7b7dc
                                                                                                                                                              0x7ff78ec7b7e2
                                                                                                                                                              0x7ff78ec7b7ea
                                                                                                                                                              0x7ff78ec7b7f2
                                                                                                                                                              0x7ff78ec7b7f9
                                                                                                                                                              0x7ff78ec7b7fb
                                                                                                                                                              0x7ff78ec7b800
                                                                                                                                                              0x7ff78ec7b803
                                                                                                                                                              0x7ff78ec7b808
                                                                                                                                                              0x7ff78ec7b825

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 44fae88c1091573a9b01af8aa35dbfdb55e72d0b92066e582df3b0863c5a8abc
                                                                                                                                                              • Instruction ID: 6999dd15cb5d6c4eb6b133b0692a990818259cb1cfae2c7d50163ec844ff332f
                                                                                                                                                              • Opcode Fuzzy Hash: 44fae88c1091573a9b01af8aa35dbfdb55e72d0b92066e582df3b0863c5a8abc
                                                                                                                                                              • Instruction Fuzzy Hash: 3AC1F362E0CA8695E764BB99C8443BDABA2FF81B80FE54131DA4E07791CF7CE454C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                              C-Code - Quality: 81%
                                                                                                                                                              			E00007FF77FF78EC85044(void* __ebx, void* __ecx, void* __fp0, signed int* __rax, long long __rbx, void* __rdx, void* __r9, signed int _a8, signed int _a16, signed int _a24, long long _a32) {
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* _t21;
                                                                                                                                                              				long _t28;
                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              				void* _t38;
                                                                                                                                                              				signed int _t41;
                                                                                                                                                              				signed int _t51;
                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                              				signed int* _t65;
                                                                                                                                                              				long long _t71;
                                                                                                                                                              
                                                                                                                                                              				_t79 = __rdx;
                                                                                                                                                              				_t66 = __rbx;
                                                                                                                                                              				_t65 = __rax;
                                                                                                                                                              				_a32 = __rbx;
                                                                                                                                                              				E00007FF77FF78EC84760(E00007FF77FF78EC84758(_t21));
                                                                                                                                                              				_a8 = 0;
                                                                                                                                                              				_a16 = 0;
                                                                                                                                                              				_a24 = 0;
                                                                                                                                                              				if (E00007FF77FF78EC847C8(_t65,  &_a8) != 0) goto 0x8ec851b7;
                                                                                                                                                              				if (E00007FF77FF78EC84768(__ecx, _t65,  &_a16, __rdx) != 0) goto 0x8ec851b7;
                                                                                                                                                              				if (E00007FF77FF78EC84798(_t65,  &_a24) != 0) goto 0x8ec851b7;
                                                                                                                                                              				_t71 =  *0x8ecad2b0; // 0x0
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t65, _t71);
                                                                                                                                                              				 *0x8ecad2b0 = __rbx; // executed
                                                                                                                                                              				_t28 = GetTimeZoneInformation(??); // executed
                                                                                                                                                              				if (_t28 == 0xffffffff) goto 0x8ec8518c;
                                                                                                                                                              				_t51 =  *0x8ecad2d0 * 0x3c;
                                                                                                                                                              				_t8 = _t66 + 1; // 0x1
                                                                                                                                                              				_t60 =  *0x8ecad316; // 0xb
                                                                                                                                                              				r8d =  *0x8ecad324; // 0x0
                                                                                                                                                              				 *0x8ecad2c0 = _t8;
                                                                                                                                                              				_a8 = _t51;
                                                                                                                                                              				if (_t60 == 0) goto 0x8ec850f6;
                                                                                                                                                              				_a8 = r8d * 0x3c + _t51;
                                                                                                                                                              				_t61 =  *0x8ecad36a; // 0x3
                                                                                                                                                              				if (_t61 == 0) goto 0x8ec85111;
                                                                                                                                                              				_t31 =  *0x8ecad378; // 0xffffffc4
                                                                                                                                                              				if (_t31 == 0) goto 0x8ec85111;
                                                                                                                                                              				_t41 = (_t31 - r8d) * 0x3c;
                                                                                                                                                              				goto 0x8ec85113;
                                                                                                                                                              				_a24 = _t41;
                                                                                                                                                              				_a16 = _t41;
                                                                                                                                                              				r8d = 0x80;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				r8d = 0x80;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				r8d = 0x40;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				r8d = 0x40;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				_t33 = E00007FF77FF78EC82004(_t41, __fp0, _t65, __rbx, _t65[2], _t79, _t65, __r9);
                                                                                                                                                              				r9d = _t33;
                                                                                                                                                              				E00007FF77FF78EC852DC(__rbx, 0x8ecad2d4,  *_t65, _t65,  *_t65, __r9);
                                                                                                                                                              				r9d = _t33;
                                                                                                                                                              				_t36 = E00007FF77FF78EC84750(E00007FF77FF78EC852DC(_t66, 0x8ecad328, _t65[2], _t65, _t65[2], __r9));
                                                                                                                                                              				 *_t65 = _a8;
                                                                                                                                                              				_t37 = E00007FF77FF78EC84740(_t36);
                                                                                                                                                              				 *_t65 = _a16;
                                                                                                                                                              				_t38 = E00007FF77FF78EC84748(_t37);
                                                                                                                                                              				 *_t65 = _a24;
                                                                                                                                                              				return _t38;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85072
                                                                                                                                                                • Part of subcall function 00007FF78EC847C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC847DC
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85083
                                                                                                                                                                • Part of subcall function 00007FF78EC84768: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC8477C
                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF78EC85094
                                                                                                                                                                • Part of subcall function 00007FF78EC84798: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC847AC
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: HeapFree.KERNEL32(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2CE
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: GetLastError.KERNEL32(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2D8
                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF78EC852D4), ref: 00007FF78EC850BB
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                              • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                              • API String ID: 3458911817-1154798116
                                                                                                                                                              • Opcode ID: 4b6cf6c198d1af93dfc16845684c63b6b141d184cdbe86ca7dd08087524948a8
                                                                                                                                                              • Instruction ID: c6aeaf64c3180fd4f61bd97a0ed121bcf72628d0fa884087c1fa6ad5bd190d27
                                                                                                                                                              • Opcode Fuzzy Hash: 4b6cf6c198d1af93dfc16845684c63b6b141d184cdbe86ca7dd08087524948a8
                                                                                                                                                              • Instruction Fuzzy Hash: BF519F72E0865286E710FFA2EA815A9FB61FB48784FE14139EA4D47B95DF3CE400C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00007FF77FF78EC6A190(void* __ecx, intOrPtr* __rax, long long __rbx, long long __rsi, void* __r8, long long _a8, long long _a16) {
                                                                                                                                                              				char _v24;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				void* _t11;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				void* _t23;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              				void* _t29;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				intOrPtr _t40;
                                                                                                                                                              				intOrPtr* _t59;
                                                                                                                                                              				intOrPtr* _t60;
                                                                                                                                                              				void* _t66;
                                                                                                                                                              				void* _t75;
                                                                                                                                                              
                                                                                                                                                              				_t61 = __rbx;
                                                                                                                                                              				_t59 = __rax;
                                                                                                                                                              				E00007FF77FF78EC6AB04(); // executed
                                                                                                                                                              				SetUnhandledExceptionFilter(??);
                                                                                                                                                              				goto 0x8ec78fa4;
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t10 = E00007FF77FF78EC6A62C(_t33, _t66); // executed
                                                                                                                                                              				if (_t10 == 0) goto 0x8ec6a303;
                                                                                                                                                              				sil = 0;
                                                                                                                                                              				_v24 = sil;
                                                                                                                                                              				_t11 = E00007FF77FF78EC6A5F0(_t59);
                                                                                                                                                              				_t40 =  *0x8ecac560; // 0x2
                                                                                                                                                              				if (_t40 == 1) goto 0x8ec6a30e;
                                                                                                                                                              				if (_t40 != 0) goto 0x8ec6a239;
                                                                                                                                                              				 *0x8ecac560 = 1;
                                                                                                                                                              				_t12 = E00007FF77FF78EC78B18(__rbx, 0x8ec8a3a0, 0x8ec8a3e0); // executed
                                                                                                                                                              				if (_t12 == 0) goto 0x8ec6a21a;
                                                                                                                                                              				goto 0x8ec6a2f3;
                                                                                                                                                              				E00007FF77FF78EC78AD4(_t61, 0x8ec8a388, 0x8ec8a398); // executed
                                                                                                                                                              				 *0x8ecac560 = 2;
                                                                                                                                                              				goto 0x8ec6a241;
                                                                                                                                                              				sil = 1;
                                                                                                                                                              				_v24 = sil;
                                                                                                                                                              				E00007FF77FF78EC6A944(E00007FF77FF78EC6A79C(_t11, _t59));
                                                                                                                                                              				if ( *_t59 == 0) goto 0x8ec6a274;
                                                                                                                                                              				if (E00007FF77FF78EC6A704( *_t59, _t59) == 0) goto 0x8ec6a274;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t60 =  *_t59;
                                                                                                                                                              				E00007FF77FF78EC6A94C( *0x8ec8a360(_t75));
                                                                                                                                                              				if ( *_t60 == 0) goto 0x8ec6a296;
                                                                                                                                                              				if (E00007FF77FF78EC6A704( *_t60, _t60) == 0) goto 0x8ec6a296;
                                                                                                                                                              				E00007FF77FF78EC78E34(_t20,  *_t60);
                                                                                                                                                              				_t23 = E00007FF77FF78EC6E300(E00007FF77FF78EC78A7C( *_t60, __rsi));
                                                                                                                                                              				_t64 =  *_t60;
                                                                                                                                                              				E00007FF77FF78EC6E2F8(_t23);
                                                                                                                                                              				_t86 = _t60;
                                                                                                                                                              				_t25 = E00007FF77FF78EC61000(_t60,  *_t60,  *_t60); // executed
                                                                                                                                                              				if (E00007FF77FF78EC6AAB0(_t60) == 0) goto 0x8ec6a318;
                                                                                                                                                              				if (sil != 0) goto 0x8ec6a2cd;
                                                                                                                                                              				E00007FF77FF78EC78E18(_t26, _t60);
                                                                                                                                                              				E00007FF77FF78EC6A7C0(1, 0);
                                                                                                                                                              				_t29 = _t25;
                                                                                                                                                              				if (E00007FF77FF78EC6AAB0(_t60) == 0) goto 0x8ec6a320;
                                                                                                                                                              				if (_v24 != 0) goto 0x8ec6a2f1;
                                                                                                                                                              				E00007FF77FF78EC78E08(_t30, _t64, _t86);
                                                                                                                                                              				return _t29;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 59578552-0
                                                                                                                                                              • Opcode ID: 89476163297b1986c36223162515cabc13cdfddbe3f763e035948e907b44b7ef
                                                                                                                                                              • Instruction ID: 39a1c7123d302a11fc99ecb6de640bc173d8833e8a65e6748128781e151e15b6
                                                                                                                                                              • Opcode Fuzzy Hash: 89476163297b1986c36223162515cabc13cdfddbe3f763e035948e907b44b7ef
                                                                                                                                                              • Instruction Fuzzy Hash: 30E0B631E1D11385E61876EADC820B990917F55360FF0023AE21D816D2CF3D6591C672
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 38%
                                                                                                                                                              			E00007FF77FF78EC617B0(void* __ecx, void* __edx, long long __rbx, signed long long* __rcx, void* __r15, long long _a16) {
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				char _v21;
                                                                                                                                                              				unsigned long long _v24;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* _t40;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				intOrPtr _t51;
                                                                                                                                                              				intOrPtr _t71;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              				signed long long _t87;
                                                                                                                                                              				signed long long _t88;
                                                                                                                                                              				unsigned long long _t89;
                                                                                                                                                              				unsigned long long _t90;
                                                                                                                                                              				intOrPtr* _t93;
                                                                                                                                                              				long long* _t96;
                                                                                                                                                              				void* _t105;
                                                                                                                                                              				void* _t113;
                                                                                                                                                              				char* _t121;
                                                                                                                                                              				void* _t127;
                                                                                                                                                              				unsigned long long _t128;
                                                                                                                                                              				long long _t130;
                                                                                                                                                              				void* _t131;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              				void* _t135;
                                                                                                                                                              
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				_t87 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t88 = _t87 ^ _t131 - 0x00000030;
                                                                                                                                                              				_v16 = _t88;
                                                                                                                                                              				_t96 = __rcx;
                                                                                                                                                              				if ( *__rcx != 0) goto 0x8ec617ef;
                                                                                                                                                              				_t3 = _t96 + 0x78; // 0x78
                                                                                                                                                              				_t40 = E00007FF77FF78EC62DC0(__ecx, _t3, "rb"); // executed
                                                                                                                                                              				 *__rcx = _t88;
                                                                                                                                                              				if (_t88 == 0) goto 0x8ec61842;
                                                                                                                                                              				_t89 = "MEI"; // 0xe0b0a0b0049454d
                                                                                                                                                              				_v24 = _t89;
                                                                                                                                                              				r8d = 8;
                                                                                                                                                              				_t90 = _t89 >> 0x18;
                                                                                                                                                              				_v21 = _t40 + 0xc;
                                                                                                                                                              				E00007FF77FF78EC662C0(_t90, __rcx, _t88, _t127, _t134); // executed
                                                                                                                                                              				_t128 = _t90;
                                                                                                                                                              				if (_t90 == 0) goto 0x8ec61842;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t43 = E00007FF77FF78EC6EB90(_t90, _t96,  *_t96, _t128); // executed
                                                                                                                                                              				if (_t43 >= 0) goto 0x8ec6184c;
                                                                                                                                                              				_t121 = "Failed to seek to cookie position!\n";
                                                                                                                                                              				E00007FF77FF78EC61C10("fseek", _t121, _t134, _t135);
                                                                                                                                                              				goto 0x8ec619b3;
                                                                                                                                                              				_t8 = _t121 - 0x57; // 0x1, executed
                                                                                                                                                              				r8d = _t8;
                                                                                                                                                              				E00007FF77FF78EC6E878(_t121, _t134,  *_t96); // executed
                                                                                                                                                              				if (_t90 - 1 >= 0) goto 0x8ec61884;
                                                                                                                                                              				_t105 = "fread";
                                                                                                                                                              				E00007FF77FF78EC61C10(_t105, "Failed to read cookie!\n", _t134,  *_t96);
                                                                                                                                                              				goto 0x8ec619b3;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				asm("bswap eax");
                                                                                                                                                              				asm("bswap eax");
                                                                                                                                                              				_t51 =  *((intOrPtr*)(_t96 + 0x34));
                                                                                                                                                              				asm("bswap ecx");
                                                                                                                                                              				asm("bswap eax");
                                                                                                                                                              				_t130 = _t128 - _t105 + 0x58;
                                                                                                                                                              				 *((intOrPtr*)(_t96 + 0x34)) = _t51;
                                                                                                                                                              				 *((long long*)(_t96 + 8)) = _t130;
                                                                                                                                                              				 *((intOrPtr*)(_t96 + 0x507c)) = 0;
                                                                                                                                                              				 *0x8ec9dc74 = _t51;
                                                                                                                                                              				E00007FF77FF78EC6EB90(_t90, _t96,  *_t96, _t130); // executed
                                                                                                                                                              				0x8ec73eec();
                                                                                                                                                              				 *(_t96 + 0x10) = _t90;
                                                                                                                                                              				if (_t90 != 0) goto 0x8ec618fe;
                                                                                                                                                              				E00007FF77FF78EC61C10("malloc", "Could not allocate buffer for TOC!\n", _t134,  *_t96);
                                                                                                                                                              				goto 0x8ec619b3;
                                                                                                                                                              				r8d = 1;
                                                                                                                                                              				E00007FF77FF78EC6E878( *((intOrPtr*)(_t96 + 0x30)), _t134,  *_t96);
                                                                                                                                                              				if (_t90 - 1 >= 0) goto 0x8ec61925;
                                                                                                                                                              				goto 0x8ec6186e;
                                                                                                                                                              				 *((long long*)(_t96 + 0x18)) =  *((intOrPtr*)(_t96 + 0x30)) +  *(_t96 + 0x10);
                                                                                                                                                              				if (E00007FF77FF78EC6E5EC( *((intOrPtr*)(_t96 + 0x30)) +  *(_t96 + 0x10),  *_t96) == 0) goto 0x8ec61950;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t56,  *((intOrPtr*)(_t96 + 0x28)), _t86,  *((intOrPtr*)(_t96 + 0x30)) +  *(_t96 + 0x10), "Error on file.\n", "Could not read full TOC!\n", _t134,  *_t96);
                                                                                                                                                              				goto 0x8ec619b3;
                                                                                                                                                              				_t93 =  *(_t96 + 0x10);
                                                                                                                                                              				if (_t93 -  *((intOrPtr*)(_t96 + 0x18)) >= 0) goto 0x8ec619a1;
                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                              				_t71 =  *_t93;
                                                                                                                                                              				asm("bswap ecx");
                                                                                                                                                              				asm("bswap ecx");
                                                                                                                                                              				asm("bswap ecx");
                                                                                                                                                              				asm("bswap edx");
                                                                                                                                                              				 *_t93 = _t71;
                                                                                                                                                              				_t113 = _t71 + _t93;
                                                                                                                                                              				if (_t113 -  *(_t96 + 0x10) < 0) goto 0x8ec61995;
                                                                                                                                                              				if (_t113 -  *((intOrPtr*)(_t96 + 0x18)) < 0) goto 0x8ec61960;
                                                                                                                                                              				goto 0x8ec619a1;
                                                                                                                                                              				E00007FF77FF78EC61C50(0xffffffff,  *((intOrPtr*)(_t93 + 0xc)), _t86, _t113, "Cannot read Table of Contents.\n", "Could not read full TOC!\n", _t134,  *_t96);
                                                                                                                                                              				if ( *_t96 == 0) goto 0x8ec619b1; // executed
                                                                                                                                                              				E00007FF77FF78EC6E528(_t113, _t96,  *_t96, _t130); // executed
                                                                                                                                                              				 *_t96 = _t130;
                                                                                                                                                              				return E00007FF77FF78EC6A040(0,  *((intOrPtr*)(_t93 + 0xc)), _v16 ^ _t131 - 0x00000030);
                                                                                                                                                              			}




























                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                                                                                                              • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E00007FF77FF78EC612B0(long long* __rcx, void* __rdx) {
                                                                                                                                                              				void* _t2;
                                                                                                                                                              				void* _t5;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				long long _t10;
                                                                                                                                                              				void* _t17;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              
                                                                                                                                                              				_t10 =  *((intOrPtr*)(__rcx));
                                                                                                                                                              				_t17 = __rdx;
                                                                                                                                                              				if (_t10 != 0) goto 0x8ec612f8;
                                                                                                                                                              				_t2 = E00007FF77FF78EC62DC0(_t5, __rcx + 0x78, "rb"); // executed
                                                                                                                                                              				 *__rcx = _t10;
                                                                                                                                                              				if (_t10 != 0) goto 0x8ec612f8;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t2, _t5, _t9, _t10, "Failed to extract %s: failed to open archive file!\n", _t17 + 0x12, _t18, _t19);
                                                                                                                                                              				return 0;
                                                                                                                                                              			}











                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 42%
                                                                                                                                                              			E00007FF77FF78EC85D08(void* __ebx, void* __ecx, void* __ebp, void* __eflags, long long __rbx, long long __rcx, signed int* __rdx, long long __rdi, long long __rsi, long long __r8, void* __r9, void* __r11) {
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				signed int _t151;
                                                                                                                                                              				long _t164;
                                                                                                                                                              				void* _t168;
                                                                                                                                                              				signed int _t170;
                                                                                                                                                              				signed int _t188;
                                                                                                                                                              				signed int _t189;
                                                                                                                                                              				void* _t217;
                                                                                                                                                              				intOrPtr* _t238;
                                                                                                                                                              				intOrPtr* _t241;
                                                                                                                                                              				long long _t253;
                                                                                                                                                              				long long _t261;
                                                                                                                                                              				signed long long _t267;
                                                                                                                                                              				signed long long _t281;
                                                                                                                                                              				intOrPtr _t282;
                                                                                                                                                              				signed long long _t283;
                                                                                                                                                              				signed long long _t302;
                                                                                                                                                              				signed int* _t307;
                                                                                                                                                              				long long _t310;
                                                                                                                                                              				void* _t312;
                                                                                                                                                              				void* _t313;
                                                                                                                                                              				intOrPtr* _t315;
                                                                                                                                                              				void* _t316;
                                                                                                                                                              				void* _t326;
                                                                                                                                                              				void* _t328;
                                                                                                                                                              				void* _t332;
                                                                                                                                                              				void* _t336;
                                                                                                                                                              
                                                                                                                                                              				_t318 = __r8;
                                                                                                                                                              				_t217 = __ebp;
                                                                                                                                                              				_t238 = _t315;
                                                                                                                                                              				 *((long long*)(_t238 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t238 + 0x10)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t238 + 0x20)) = __rdi;
                                                                                                                                                              				 *((long long*)(_t238 + 0x18)) = __r8;
                                                                                                                                                              				_t313 = _t238 - 0x47;
                                                                                                                                                              				_t316 = _t315 - 0xc0;
                                                                                                                                                              				r12d = r9d;
                                                                                                                                                              				_t261 = __r8;
                                                                                                                                                              				r9d =  *(_t313 + 0x77);
                                                                                                                                                              				_t307 = __rdx;
                                                                                                                                                              				r8d =  *(_t313 + 0x6f);
                                                                                                                                                              				_t310 = __rcx;
                                                                                                                                                              				E00007FF77FF78EC85A38(__ebx, __ecx, __eflags, _t238, __r8, _t313 - 1, __rdx, _t313, __r9);
                                                                                                                                                              				asm("movups xmm0, [eax]");
                                                                                                                                                              				asm("movsd xmm1, [eax+0x10]");
                                                                                                                                                              				asm("movups [ebp-0x59], xmm0");
                                                                                                                                                              				asm("psrldq xmm0, 0x8");
                                                                                                                                                              				asm("dec cx");
                                                                                                                                                              				asm("movsd [ebp-0x39], xmm1");
                                                                                                                                                              				asm("movsd [ebp-0x49], xmm1");
                                                                                                                                                              				 *(_t313 - 0x29) = _t336 >> 0x20;
                                                                                                                                                              				if (r15d != 0xffffffff) goto 0x8ec85d95;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t238);
                                                                                                                                                              				 *_t238 = 0;
                                                                                                                                                              				 *__rdx =  *__rdx | 0xffffffff;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t238);
                                                                                                                                                              				goto 0x8ec860d7;
                                                                                                                                                              				_t151 = E00007FF77FF78EC76BE0(__ebx, __ecx, r12d, _t238, __r8, __rdx, __rdx, __rcx);
                                                                                                                                                              				 *__rdx = _t151;
                                                                                                                                                              				if (_t151 != 0xffffffff) goto 0x8ec85dba;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t238);
                                                                                                                                                              				 *_t238 = 0;
                                                                                                                                                              				 *__rdx =  *__rdx | 0xffffffff;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t238);
                                                                                                                                                              				 *_t238 = 0x18;
                                                                                                                                                              				goto 0x8ec85d89;
                                                                                                                                                              				r8d = r15d;
                                                                                                                                                              				r14d = r14d |  *(_t313 - 0x49);
                                                                                                                                                              				 *_t310 = 1;
                                                                                                                                                              				 *((long long*)(_t316 + 0x30)) = _t310;
                                                                                                                                                              				 *(_t316 + 0x28) = r14d;
                                                                                                                                                              				 *((intOrPtr*)(_t316 + 0x20)) =  *((intOrPtr*)(_t313 - 0x51));
                                                                                                                                                              				 *((intOrPtr*)(_t313 - 0x21)) = 0x18;
                                                                                                                                                              				 *((long long*)(_t313 - 0x19)) = _t310;
                                                                                                                                                              				 *(_t313 - 0x11) =  !(r12d >> 7) & 0x00000001;
                                                                                                                                                              				 *(_t313 - 0x31) =  *(_t313 - 0x49) >> 0x20;
                                                                                                                                                              				CreateFileW(??, ??, ??, ??, ??, ??, ??); // executed
                                                                                                                                                              				_t188 =  *(_t313 - 0x55);
                                                                                                                                                              				if (_t238 != 0xffffffff) goto 0x8ec85ea0;
                                                                                                                                                              				if ((_t188 & 0xc0000000) != 0xc0000000) goto 0x8ec85e6d;
                                                                                                                                                              				if ((r12b & 0x00000001) == 0) goto 0x8ec85e6d;
                                                                                                                                                              				 *((long long*)(_t316 + 0x30)) = _t310;
                                                                                                                                                              				asm("btr ebx, 0x1f");
                                                                                                                                                              				 *(_t313 - 0x55) = _t188;
                                                                                                                                                              				r8d = r15d;
                                                                                                                                                              				 *(_t316 + 0x28) = r14d;
                                                                                                                                                              				 *((intOrPtr*)(_t316 + 0x20)) =  *((intOrPtr*)(_t313 - 0x51));
                                                                                                                                                              				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                              				if (_t238 != 0xffffffff) goto 0x8ec85ea0;
                                                                                                                                                              				_t267 =  *__rdx;
                                                                                                                                                              				_t241 =  *((intOrPtr*)(0x8ecaca50 + (_t267 >> 6) * 8));
                                                                                                                                                              				 *(_t241 + 0x38 + (_t267 + _t267 * 8) * 8) =  *(_t241 + 0x38 + (_t267 + _t267 * 8) * 8) & 0x000000fe;
                                                                                                                                                              				GetLastError();
                                                                                                                                                              				E00007FF77FF78EC75D7C(_t241, _t267 + _t267 * 8);
                                                                                                                                                              				goto 0x8ec85d89;
                                                                                                                                                              				_t164 = GetFileType(_t336); // executed
                                                                                                                                                              				if (_t164 != 0) goto 0x8ec85efe;
                                                                                                                                                              				_t189 = GetLastError();
                                                                                                                                                              				E00007FF77FF78EC75D7C(_t241, _t238);
                                                                                                                                                              				 *( *((intOrPtr*)(0x8ecaca50 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) =  *( *((intOrPtr*)(0x8ecaca50 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) & 0x000000fe;
                                                                                                                                                              				CloseHandle(_t332);
                                                                                                                                                              				if (_t189 != 0) goto 0x8ec85d89;
                                                                                                                                                              				_t168 = E00007FF77FF78EC75E08(_t241);
                                                                                                                                                              				 *_t241 = 0xd;
                                                                                                                                                              				goto 0x8ec85d89;
                                                                                                                                                              				r14b =  *(_t313 - 0x59);
                                                                                                                                                              				if (_t168 != 2) goto 0x8ec85f0d;
                                                                                                                                                              				r14b = r14b | 0x00000040;
                                                                                                                                                              				goto 0x8ec85f16;
                                                                                                                                                              				if (_t168 != 3) goto 0x8ec85f16;
                                                                                                                                                              				r14b = r14b | 0x00000008;
                                                                                                                                                              				E00007FF77FF78EC76AF8( *__rdx, _t261, _t238, _t238, __rdx, _t310, _t313, _t328, _t326);
                                                                                                                                                              				r14b = r14b | 0x00000001;
                                                                                                                                                              				 *(_t313 - 0x41) = r14b;
                                                                                                                                                              				 *(_t313 - 0x59) = r14b;
                                                                                                                                                              				 *( *((intOrPtr*)(0x8ecaca50 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) = r14b;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + ( *__rdx >> 6) * 8)) + 0x39 + ( *__rdx +  *__rdx * 8) * 8)) = sil;
                                                                                                                                                              				if ((r12b & 0x00000002) == 0) goto 0x8ec85f8a;
                                                                                                                                                              				_t170 = E00007FF77FF78EC85C44(_t189,  *__rdx, _t217, _t261, _t318, _t313 - 0x21, __r11);
                                                                                                                                                              				r14d = _t170;
                                                                                                                                                              				if (_t170 == 0) goto 0x8ec85f8a;
                                                                                                                                                              				E00007FF77FF78EC7A430( *((intOrPtr*)(0x8ecaca50 + ( *__rdx >> 6) * 8)), _t261, _t307);
                                                                                                                                                              				goto 0x8ec860d7;
                                                                                                                                                              				asm("movups xmm0, [ebp-0x59]");
                                                                                                                                                              				asm("movsd xmm1, [ebp-0x39]");
                                                                                                                                                              				r8d = r12d;
                                                                                                                                                              				asm("movaps [ebp-0x1], xmm0");
                                                                                                                                                              				 *((intOrPtr*)(_t313 - 0x61)) = sil;
                                                                                                                                                              				asm("movsd [ebp+0xf], xmm1");
                                                                                                                                                              				r14d = E00007FF77FF78EC857C0(r14d, _t189,  *_t307, _t261, _t313 - 1, _t310, _t313, _t318, _t313 - 0x61);
                                                                                                                                                              				if (r14d == 0) goto 0x8ec85fc1;
                                                                                                                                                              				goto 0x8ec85f7d;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(0x8ecaca50 + ( *_t307 >> 6) * 8)) + 0x39 + ( *_t307 +  *_t307 * 8) * 8)) =  *((intOrPtr*)(_t313 - 0x61));
                                                                                                                                                              				_t281 =  *_t307;
                                                                                                                                                              				_t302 = _t281 + _t281 * 8;
                                                                                                                                                              				_t282 =  *((intOrPtr*)(0x8ecaca50 + (_t281 >> 6) * 8));
                                                                                                                                                              				 *(_t282 + 0x3d + _t302 * 8) =  *(_t282 + 0x3d + _t302 * 8) & 0x000000fe;
                                                                                                                                                              				 *(_t282 + 0x3d + _t302 * 8) =  *(_t282 + 0x3d + _t302 * 8) | r12d >> 0x00000010 & 0x00000001;
                                                                                                                                                              				if (( *(_t313 - 0x41) & 0x00000048) != 0) goto 0x8ec86026;
                                                                                                                                                              				if ((r12b & 0x00000008) == 0) goto 0x8ec86026;
                                                                                                                                                              				_t283 =  *_t307;
                                                                                                                                                              				_t253 =  *((intOrPtr*)(0x8ecaca50 + (_t283 >> 6) * 8));
                                                                                                                                                              				 *(_t253 + 0x38 + (_t283 + _t283 * 8) * 8) =  *(_t253 + 0x38 + (_t283 + _t283 * 8) * 8) | 0x00000020;
                                                                                                                                                              				if ((_t189 & 0xc0000000) != 0xc0000000) goto 0x8ec860d5;
                                                                                                                                                              				if ((r12b & 0x00000001) == 0) goto 0x8ec860d5;
                                                                                                                                                              				CloseHandle(_t312);
                                                                                                                                                              				r8d =  *(_t313 - 0x29);
                                                                                                                                                              				asm("btr ebx, 0x1f");
                                                                                                                                                              				 *((long long*)(_t316 + 0x30)) = _t310;
                                                                                                                                                              				 *(_t316 + 0x28) = 0xc0000000;
                                                                                                                                                              				 *((intOrPtr*)(_t316 + 0x20)) =  *((intOrPtr*)(_t313 - 0x51));
                                                                                                                                                              				 *(_t313 - 0x55) = _t189;
                                                                                                                                                              				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                              				if (_t253 != 0xffffffff) goto 0x8ec860bb;
                                                                                                                                                              				GetLastError();
                                                                                                                                                              				E00007FF77FF78EC75D7C(_t253,  *((intOrPtr*)(_t313 + 0x5f)));
                                                                                                                                                              				 *( *((intOrPtr*)(0x8ecaca50 + ( *_t307 >> 6) * 8)) + 0x38 + ( *_t307 +  *_t307 * 8) * 8) =  *( *((intOrPtr*)(0x8ecaca50 + ( *_t307 >> 6) * 8)) + 0x38 + ( *_t307 +  *_t307 * 8) * 8) & 0x000000fe;
                                                                                                                                                              				E00007FF77FF78EC76D20( *_t307, _t261,  *_t307 +  *_t307 * 8, _t307, _t310);
                                                                                                                                                              				goto 0x8ec85d89;
                                                                                                                                                              				 *((long long*)( *((intOrPtr*)(0x8ecaca50 + ( *_t307 >> 6) * 8)) + 0x28 + ( *_t307 +  *_t307 * 8) * 8)) = _t253;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}































                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1330151763-0
                                                                                                                                                              • Opcode ID: 04a4e53e866e31c8fc58a914e80bac258d4f260b364362045a33b3d0c1470eba
                                                                                                                                                              • Instruction ID: d775071bc8e6a2d908e2e4c68589837e9a2a67d838b67725c7826097907c583c
                                                                                                                                                              • Opcode Fuzzy Hash: 04a4e53e866e31c8fc58a914e80bac258d4f260b364362045a33b3d0c1470eba
                                                                                                                                                              • Instruction Fuzzy Hash: 7FC10336F28A5286EB10EFA8C5906AC7761FB48BA8BA00335DE2E573D4CF38D451C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 19%
                                                                                                                                                              			E00007FF77FF78EC61000(intOrPtr* __rax, long long __rbx, void* __rcx, long long _a8) {
                                                                                                                                                              				void* _t3;
                                                                                                                                                              				void* _t6;
                                                                                                                                                              				intOrPtr* _t11;
                                                                                                                                                              
                                                                                                                                                              				_t11 = __rax;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_t6 = E00007FF77FF78EC66720(E00007FF77FF78EC6E2F8(E00007FF77FF78EC6E300(_t3)),  *_t11, _t11, __rcx,  *_t11);
                                                                                                                                                              				goto 0x8ec62740;
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				return _t6;
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF78EC62CB0: GetModuleFileNameW.KERNEL32(?,00007FF78EC627A9,?,?,?,?,?,?), ref: 00007FF78EC62CE1
                                                                                                                                                              • SetDllDirectoryW.KERNEL32 ref: 00007FF78EC629B5
                                                                                                                                                                • Part of subcall function 00007FF78EC65AB0: GetEnvironmentVariableW.KERNEL32(00007FF78EC627F7,?,?,?,?,?,?), ref: 00007FF78EC65AEA
                                                                                                                                                                • Part of subcall function 00007FF78EC65AB0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC65B07
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                              • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                              • API String ID: 2344891160-3602715111
                                                                                                                                                              • Opcode ID: 6c871e667245027d2ee8e60b2af35e90addf3774915f0eb9eee0176ed780d8e0
                                                                                                                                                              • Instruction ID: fb5e1ccecd5a7f731c03c7878f64c7eb1650fd21fd0e904efda532b1ba874a16
                                                                                                                                                              • Opcode Fuzzy Hash: 6c871e667245027d2ee8e60b2af35e90addf3774915f0eb9eee0176ed780d8e0
                                                                                                                                                              • Instruction Fuzzy Hash: 21C18521E1C64351EA68BBA1D9502FFA390BF847C4FE44039EA4D476AAEF3CE515C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                              			E00007FF77FF78EC61050(long long __rcx, long long __rdx, void* __r8, void* __r9) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t13;
                                                                                                                                                              				void* _t16;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				long long _t20;
                                                                                                                                                              				long long _t22;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t38;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              
                                                                                                                                                              				_t42 = __r9;
                                                                                                                                                              				_t41 = __r8;
                                                                                                                                                              				 *((long long*)(_t38 + 0x10)) = __rdx;
                                                                                                                                                              				 *((long long*)(_t38 + 8)) = __rcx;
                                                                                                                                                              				_push(_t36);
                                                                                                                                                              				_t39 = _t38 - 0x88;
                                                                                                                                                              				_t22 = __rdx;
                                                                                                                                                              				 *((long long*)(_t39 + 0x50)) = _t20;
                                                                                                                                                              				 *((long long*)(_t39 + 0x58)) = _t20;
                                                                                                                                                              				 *((long long*)(_t39 + 0x60)) = _t20;
                                                                                                                                                              				_t6 = _t20 + 0x58; // 0x58
                                                                                                                                                              				r8d = _t6;
                                                                                                                                                              				 *((intOrPtr*)(_t39 + 0x28)) = 0;
                                                                                                                                                              				 *((long long*)(_t39 + 0x20)) = _t20;
                                                                                                                                                              				_t13 = E00007FF77FF78EC68C20(_t20, __rdx, _t39 + 0x20, "1.2.12");
                                                                                                                                                              				r15d = _t13;
                                                                                                                                                              				if (_t13 == 0) goto 0x8ec610d3;
                                                                                                                                                              				r8d = _t13;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t13, _t16, _t19, _t20, "Failed to extract %s: inflateInit() failed with return code %d!\n", _t22 + 0x12, _t41, _t42, _t46, _t43);
                                                                                                                                                              				_t11 = _t36 - 1; // -1
                                                                                                                                                              				return _t11;
                                                                                                                                                              			}















                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 1.2.12$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                              • API String ID: 0-1282086711
                                                                                                                                                              • Opcode ID: baf4f4de179d56368bf494cff5457aff3e985c1198a99148779083bb12f8483b
                                                                                                                                                              • Instruction ID: 39124dd5662798df12808b589fba4aeed294afbd56d84886a8dbf7986c7aca7f
                                                                                                                                                              • Opcode Fuzzy Hash: baf4f4de179d56368bf494cff5457aff3e985c1198a99148779083bb12f8483b
                                                                                                                                                              • Instruction Fuzzy Hash: B751D122E0868285EA60BBD5E4403BBA390FF84795FA44139EE4D877A5EF3CE555C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                              			E00007FF77FF78EC7E2C0(void* __ebx, void* __ecx, void* __rax, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
                                                                                                                                                              				void* _t38;
                                                                                                                                                              				signed long long _t59;
                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                              				signed long long _t74;
                                                                                                                                                              				signed long long _t77;
                                                                                                                                                              				signed long long _t78;
                                                                                                                                                              				long long _t84;
                                                                                                                                                              				void* _t88;
                                                                                                                                                              				signed long long _t92;
                                                                                                                                                              				signed long long _t93;
                                                                                                                                                              				long _t95;
                                                                                                                                                              				void* _t98;
                                                                                                                                                              				WCHAR* _t101;
                                                                                                                                                              				WCHAR* _t106;
                                                                                                                                                              
                                                                                                                                                              				 *((long long*)(_t88 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t88 + 0x10)) = _t84;
                                                                                                                                                              				 *((long long*)(_t88 + 0x18)) = __rsi;
                                                                                                                                                              				_push(_t77);
                                                                                                                                                              				r15d = __ecx;
                                                                                                                                                              				_t92 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t78 = _t77 | 0xffffffff;
                                                                                                                                                              				_t74 = _t92 ^  *(0x7ff78ec60000 + 0x4cf20 + _t106 * 8);
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t74 == _t78) goto 0x8ec7e406;
                                                                                                                                                              				if (_t74 == 0) goto 0x8ec7e329;
                                                                                                                                                              				_t59 = _t74;
                                                                                                                                                              				goto 0x8ec7e408;
                                                                                                                                                              				if (__r8 == __r9) goto 0x8ec7e3eb;
                                                                                                                                                              				_t63 =  *((intOrPtr*)(0x7ff78ec60000 + 0x4ce80 + __rsi * 8));
                                                                                                                                                              				if (_t63 == 0) goto 0x8ec7e350;
                                                                                                                                                              				if (_t63 != _t78) goto 0x8ec7e445;
                                                                                                                                                              				goto 0x8ec7e3d7;
                                                                                                                                                              				r8d = 0x800; // executed
                                                                                                                                                              				LoadLibraryW(_t106); // executed
                                                                                                                                                              				if (_t59 != 0) goto 0x8ec7e425;
                                                                                                                                                              				if (GetLastError() != 0x57) goto 0x8ec7e3c5;
                                                                                                                                                              				_t14 = _t59 - 0x50; // -80
                                                                                                                                                              				_t38 = _t14;
                                                                                                                                                              				r8d = _t38;
                                                                                                                                                              				if (E00007FF77FF78EC79E9C(_t30, _t92) == 0) goto 0x8ec7e3c5;
                                                                                                                                                              				r8d = _t38;
                                                                                                                                                              				if (E00007FF77FF78EC79E9C(_t31, _t92) == 0) goto 0x8ec7e3c5;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				LoadLibraryExW(_t101, _t98, _t95);
                                                                                                                                                              				if (_t59 != 0) goto 0x8ec7e425;
                                                                                                                                                              				 *((intOrPtr*)(0x7ff78ec60000 + 0x4ce80 + __rsi * 8)) = _t78;
                                                                                                                                                              				if (__r8 + 4 != __r9) goto 0x8ec7e332;
                                                                                                                                                              				_t93 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				 *(0x7ff78ec60000 + 0x4cf20 + _t106 * 8) = _t78 ^ _t93;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              • FreeLibrary.KERNEL32(?,00000000,?,00007FF78EC7E65E,?,?,-00000018,00007FF78EC7A6C2,?,?,?,00007FF78EC7A5BA,?,?,?,00007FF78EC75282), ref: 00007FF78EC7E43F
                                                                                                                                                              • GetProcAddress.KERNEL32(?,00000000,?,00007FF78EC7E65E,?,?,-00000018,00007FF78EC7A6C2,?,?,?,00007FF78EC7A5BA,?,?,?,00007FF78EC75282), ref: 00007FF78EC7E44B
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                              • API String ID: 3013587201-537541572
                                                                                                                                                              • Opcode ID: b632b23fbcbe9268c0735088e310e511c0fd73288f0276e0b877c3c5202d005e
                                                                                                                                                              • Instruction ID: 5c6499b42bbade3e7b405221895b049090c03eb0a786c22921a57de834e11637
                                                                                                                                                              • Opcode Fuzzy Hash: b632b23fbcbe9268c0735088e310e511c0fd73288f0276e0b877c3c5202d005e
                                                                                                                                                              • Instruction Fuzzy Hash: 3D41E462F0960285FA51BF9AED04579A396BF45BD0FA84139DD1E4B784EF3CE045C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 33%
                                                                                                                                                              			E00007FF77FF78EC7C90C(void* __ebx, signed int __ecx, void* __edi, void* __ebp, void* __rax, signed short* __rdx, void* __r8, signed int __r9, void* __r10) {
                                                                                                                                                              				signed short _v80;
                                                                                                                                                              				void* _v92;
                                                                                                                                                              				unsigned int _v96;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                              				long _v112;
                                                                                                                                                              				signed int _v120;
                                                                                                                                                              				long long _v128;
                                                                                                                                                              				signed int _v136;
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				void* _t107;
                                                                                                                                                              				void* _t110;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              				long _t116;
                                                                                                                                                              				signed int _t117;
                                                                                                                                                              				void* _t122;
                                                                                                                                                              				signed int _t128;
                                                                                                                                                              				intOrPtr _t147;
                                                                                                                                                              				intOrPtr _t148;
                                                                                                                                                              				void* _t149;
                                                                                                                                                              				void* _t169;
                                                                                                                                                              				signed long long _t182;
                                                                                                                                                              				signed long long _t186;
                                                                                                                                                              				void* _t187;
                                                                                                                                                              				signed long long _t189;
                                                                                                                                                              				signed long long _t208;
                                                                                                                                                              				unsigned int _t209;
                                                                                                                                                              				void* _t210;
                                                                                                                                                              				void* _t212;
                                                                                                                                                              				void* _t228;
                                                                                                                                                              				signed long long _t229;
                                                                                                                                                              				signed short* _t230;
                                                                                                                                                              				void* _t231;
                                                                                                                                                              				signed short* _t232;
                                                                                                                                                              
                                                                                                                                                              				_t149 = __ebp;
                                                                                                                                                              				_t122 = __ebx;
                                                                                                                                                              				r15d = r8d;
                                                                                                                                                              				_t186 = __r9;
                                                                                                                                                              				_t230 = __rdx;
                                                                                                                                                              				if (r8d == 0) goto 0x8ec7cc09;
                                                                                                                                                              				if (__rdx != 0) goto 0x8ec7c973;
                                                                                                                                                              				 *((char*)(__r9 + 0x38)) = 1;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x34)) = 0;
                                                                                                                                                              				 *((char*)(__r9 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				_v128 = __r9;
                                                                                                                                                              				_v136 = _t209;
                                                                                                                                                              				E00007FF77FF78EC7A180(__rax, __r9, _t187, __rdx, _t210, _t212, __r8);
                                                                                                                                                              				goto 0x8ec7cc0b;
                                                                                                                                                              				_t189 = __ecx >> 6;
                                                                                                                                                              				_v120 = _t189;
                                                                                                                                                              				_t229 = __ecx + __ecx * 8;
                                                                                                                                                              				if (_t210 - 1 - 1 > 0) goto 0x8ec7c9a9;
                                                                                                                                                              				if (( !r15d & 0x00000001) == 0) goto 0x8ec7c93c;
                                                                                                                                                              				if (( *( *((intOrPtr*)(0x8ecaca50 + _t189 * 8)) + 0x38 + _t229 * 8) & 0x00000020) == 0) goto 0x8ec7c9bf;
                                                                                                                                                              				r8d = 0x7ff78ecaca52;
                                                                                                                                                              				0x8ec7bca8();
                                                                                                                                                              				_v96 = _t209;
                                                                                                                                                              				if (E00007FF77FF78EC82AB0(r12d, __ecx,  *((intOrPtr*)(0x8ecaca50 + _t189 * 8))) == 0) goto 0x8ec7caf5;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0x8ec7caf5;
                                                                                                                                                              				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0x8ec7ca06;
                                                                                                                                                              				E00007FF77FF78EC735D0( *((intOrPtr*)(0x8ecaca50 + _v120 * 8)), __r9, __r9, _t210);
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t209) goto 0x8ec7ca22;
                                                                                                                                                              				_t182 =  *((intOrPtr*)(0x8ecaca50 + _v120 * 8));
                                                                                                                                                              				if ( *((intOrPtr*)(_t182 + 0x39 + _t229 * 8)) == dil) goto 0x8ec7caf5;
                                                                                                                                                              				if (GetConsoleMode(??, ??) == 0) goto 0x8ec7caea;
                                                                                                                                                              				if (sil == 0) goto 0x8ec7cac7;
                                                                                                                                                              				sil = sil - 1;
                                                                                                                                                              				if (sil - 1 > 0) goto 0x8ec7cb8e;
                                                                                                                                                              				_t228 = _t230 + _t231;
                                                                                                                                                              				_v112 = _t209;
                                                                                                                                                              				_t232 = _t230;
                                                                                                                                                              				if (_t230 - _t228 >= 0) goto 0x8ec7cb84;
                                                                                                                                                              				_v80 =  *_t232 & 0x0000ffff;
                                                                                                                                                              				_t107 = E00007FF77FF78EC82B7C( *_t232 & 0xffff, _t182);
                                                                                                                                                              				_t128 = _v80 & 0x0000ffff;
                                                                                                                                                              				if (_t107 != _t128) goto 0x8ec7cab9;
                                                                                                                                                              				_t147 = _v108 + 2;
                                                                                                                                                              				_v108 = _t147;
                                                                                                                                                              				if (_t128 != 0xa) goto 0x8ec7caaa;
                                                                                                                                                              				if (E00007FF77FF78EC82B7C(0xd, _t182) != 0xd) goto 0x8ec7cab9;
                                                                                                                                                              				_t148 = _t147 + 1;
                                                                                                                                                              				_v108 = _t148;
                                                                                                                                                              				if ( &(_t232[1]) - _t228 >= 0) goto 0x8ec7cb84;
                                                                                                                                                              				goto 0x8ec7ca6a;
                                                                                                                                                              				_v112 = GetLastError();
                                                                                                                                                              				goto 0x8ec7cb84;
                                                                                                                                                              				r9d = r15d;
                                                                                                                                                              				_v136 = __r9;
                                                                                                                                                              				_t110 = E00007FF77FF78EC7BF30(r12d, 1, __r9,  &_v112, _t230);
                                                                                                                                                              				asm("movsd xmm0, [eax]");
                                                                                                                                                              				goto 0x8ec7cb89;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)(0x8ecaca50 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0x8ec7cb51;
                                                                                                                                                              				_t169 = sil;
                                                                                                                                                              				if (_t169 == 0) goto 0x8ec7cb3d;
                                                                                                                                                              				if (_t169 == 0) goto 0x8ec7cb29;
                                                                                                                                                              				if (_t148 - 1 != 1) goto 0x8ec7cb99;
                                                                                                                                                              				r9d = r15d;
                                                                                                                                                              				_t111 = E00007FF77FF78EC7C4C0(_t110, _t122, r12d, _t186,  &_v112, _t212, _t230);
                                                                                                                                                              				goto 0x8ec7cade;
                                                                                                                                                              				r9d = r15d;
                                                                                                                                                              				E00007FF77FF78EC7C5DC(_t111, _t148 - 1, r12d, _t148, _t149, _t186,  &_v112, _t212, _t230);
                                                                                                                                                              				goto 0x8ec7cade;
                                                                                                                                                              				r9d = r15d;
                                                                                                                                                              				E00007FF77FF78EC7C3BC(_t122, r12d, _t186,  &_v112, _t212, _t230); // executed
                                                                                                                                                              				goto 0x8ec7cade;
                                                                                                                                                              				r8d = r15d;
                                                                                                                                                              				_v136 = _v136 & _t182;
                                                                                                                                                              				_v112 = _t182;
                                                                                                                                                              				_v104 = 0;
                                                                                                                                                              				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0x8ec7cb81;
                                                                                                                                                              				_t116 = GetLastError();
                                                                                                                                                              				_v112 = _t116;
                                                                                                                                                              				asm("movsd xmm0, [ebp-0x30]");
                                                                                                                                                              				asm("movsd [ebp-0x20], xmm0");
                                                                                                                                                              				if (_t116 != 0) goto 0x8ec7cc02;
                                                                                                                                                              				_t117 = _v96;
                                                                                                                                                              				if (_t117 == 0) goto 0x8ec7cbd8;
                                                                                                                                                              				if (_t117 != 5) goto 0x8ec7cbc8;
                                                                                                                                                              				 *((char*)(_t186 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t186 + 0x2c)) = 9;
                                                                                                                                                              				 *((char*)(_t186 + 0x38)) = 1;
                                                                                                                                                              				 *(_t186 + 0x34) = _t117;
                                                                                                                                                              				goto 0x8ec7c96b;
                                                                                                                                                              				_t208 = _t186;
                                                                                                                                                              				E00007FF77FF78EC75DC4(_t117, _v96 >> 0x20,  *((intOrPtr*)( &_v112 + 0x28 + _t229 * 8)), _t208);
                                                                                                                                                              				goto 0x8ec7c96b;
                                                                                                                                                              				if (( *( *((intOrPtr*)(0x8ecaca50 + _t208 * 8)) + 0x38 + _t229 * 8) & 0x00000040) == 0) goto 0x8ec7cbea;
                                                                                                                                                              				if ( *_t230 == 0x1a) goto 0x8ec7cc09;
                                                                                                                                                              				 *(_t186 + 0x34) =  *(_t186 + 0x34) & 0x00000000;
                                                                                                                                                              				 *((char*)(_t186 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t186 + 0x2c)) = 0x1c;
                                                                                                                                                              				 *((char*)(_t186 + 0x38)) = 1;
                                                                                                                                                              				goto 0x8ec7c96b;
                                                                                                                                                              				goto 0x8ec7cc0b;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}







































                                                                                                                                                              0x7ff78ec7cbb1
                                                                                                                                                              0x7ff78ec7cbb5
                                                                                                                                                              0x7ff78ec7cbbc
                                                                                                                                                              0x7ff78ec7cbc0
                                                                                                                                                              0x7ff78ec7cbc3
                                                                                                                                                              0x7ff78ec7cbcb
                                                                                                                                                              0x7ff78ec7cbce
                                                                                                                                                              0x7ff78ec7cbd3
                                                                                                                                                              0x7ff78ec7cbe2
                                                                                                                                                              0x7ff78ec7cbe8
                                                                                                                                                              0x7ff78ec7cbea
                                                                                                                                                              0x7ff78ec7cbee
                                                                                                                                                              0x7ff78ec7cbf2
                                                                                                                                                              0x7ff78ec7cbf9
                                                                                                                                                              0x7ff78ec7cbfd
                                                                                                                                                              0x7ff78ec7cc07
                                                                                                                                                              0x7ff78ec7cc1b

                                                                                                                                                              APIs
                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF78EC7C8AC), ref: 00007FF78EC7CA2F
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF78EC7C8AC), ref: 00007FF78EC7CAB9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 953036326-0
                                                                                                                                                              • Opcode ID: df05b39e20d6b4a305b54bd5c45073e258c55b21ec4cfff64fadfea93fa7a073
                                                                                                                                                              • Instruction ID: 143c5ee49d4b80e635efe00ad525881e07d830d1ac65c7ec1cc26c676e5775ca
                                                                                                                                                              • Opcode Fuzzy Hash: df05b39e20d6b4a305b54bd5c45073e258c55b21ec4cfff64fadfea93fa7a073
                                                                                                                                                              • Instruction Fuzzy Hash: 65910662E18653A9F750EFA9DC80ABDABA0FB48798FA44135DE4E13694DF38D441C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 97%
                                                                                                                                                              			E00007FF77FF78EC7ECC0(void* __eax, void* __ebx, void* __ecx, signed int __edx, void* __rcx, void* __rdx, intOrPtr _a40, intOrPtr _a48, intOrPtr _a56) {
                                                                                                                                                              				signed int _v80;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				signed long long _v112;
                                                                                                                                                              				intOrPtr _v116;
                                                                                                                                                              				char _v120;
                                                                                                                                                              				char _v124;
                                                                                                                                                              				char _v128;
                                                                                                                                                              				char _v132;
                                                                                                                                                              				unsigned int _v136;
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t55;
                                                                                                                                                              				void* _t66;
                                                                                                                                                              				intOrPtr _t69;
                                                                                                                                                              				void* _t88;
                                                                                                                                                              				signed long long _t89;
                                                                                                                                                              				intOrPtr _t91;
                                                                                                                                                              				signed long long _t113;
                                                                                                                                                              				signed long long _t114;
                                                                                                                                                              				intOrPtr* _t121;
                                                                                                                                                              				void* _t123;
                                                                                                                                                              				signed long long _t141;
                                                                                                                                                              				void* _t146;
                                                                                                                                                              
                                                                                                                                                              				_t113 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t114 = _t113 ^ _t146 - 0x00000078;
                                                                                                                                                              				_v80 = _t114;
                                                                                                                                                              				_t69 = __rcx - 0x76c;
                                                                                                                                                              				_t89 = r8d;
                                                                                                                                                              				_v136 = r9d;
                                                                                                                                                              				_t141 = __edx;
                                                                                                                                                              				if (_t69 - 0x46 < 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (_t69 - 0x44d > 0) goto 0x8ec7eea8;
                                                                                                                                                              				r15d = __edx - 1;
                                                                                                                                                              				if (r15d - 0xb > 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (r8d <= 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (r8d -  *((intOrPtr*)(0x8ec97640 + __edx * 4)) -  *((intOrPtr*)(0x8ec97640 + __edx * 4 - 4)) <= 0) goto 0x8ec7ed61;
                                                                                                                                                              				if (E00007FF77FF78EC7EC60(_t69, r8d -  *((intOrPtr*)(0x8ec97640 + __edx * 4)) -  *((intOrPtr*)(0x8ec97640 + __edx * 4 - 4)), 0x8ec97640, __rdx) == 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (_t88 != 2) goto 0x8ec7eea8;
                                                                                                                                                              				if (_t89 - 0x1d > 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (_v136 - 0x17 > 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (r13d - 0x3b > 0) goto 0x8ec7eea8;
                                                                                                                                                              				if (r12d - 0x3b > 0) goto 0x8ec7eea8;
                                                                                                                                                              				_t55 = E00007FF77FF78EC7EC60(_t69, r12d - 0x3b, 0x8ec97640, __rdx);
                                                                                                                                                              				r14d = 0;
                                                                                                                                                              				if (_t55 == 0) goto 0x8ec7ed98;
                                                                                                                                                              				if (_t88 - 2 <= 0) goto 0x8ec7ed98;
                                                                                                                                                              				_t91 = _t89 +  *((intOrPtr*)(0x8ec97640 + _t141 * 4 - 4)) + 1; // executed
                                                                                                                                                              				E00007FF77FF78EC8535C(); // executed
                                                                                                                                                              				_v124 = r14d;
                                                                                                                                                              				_v128 = r14d;
                                                                                                                                                              				_v132 = r14d;
                                                                                                                                                              				if (E00007FF77FF78EC84768(_t69, _t114,  &_v124, __rdx) != 0) goto 0x8ec7eed4;
                                                                                                                                                              				if (E00007FF77FF78EC84798(_t114,  &_v128) != 0) goto 0x8ec7eed4;
                                                                                                                                                              				if (E00007FF77FF78EC847C8(_t114,  &_v132) != 0) goto 0x8ec7eed4;
                                                                                                                                                              				r8d = _t123 - 1;
                                                                                                                                                              				r10d = 0x51eb851f;
                                                                                                                                                              				r9d = r10d * (_t123 + 0x12b) >> 0x20;
                                                                                                                                                              				r9d = r9d >> 7;
                                                                                                                                                              				r9d = r9d + (r9d >> 0x1f);
                                                                                                                                                              				r9d = r9d - (r10d * r8d >> 0x20 >> 5) + (r10d * r8d >> 0x20 >> 5 >> 0x1f);
                                                                                                                                                              				asm("cdq");
                                                                                                                                                              				if (_a56 == 1) goto 0x8ec7eea3;
                                                                                                                                                              				_v92 = _t91;
                                                                                                                                                              				_v100 = _t69;
                                                                                                                                                              				_v104 = r15d;
                                                                                                                                                              				_v112 = r8d;
                                                                                                                                                              				_v116 = r13d;
                                                                                                                                                              				_v120 = r12d;
                                                                                                                                                              				if (_a56 != 0xffffffff) goto 0x8ec7ee9e;
                                                                                                                                                              				if (_v124 == 0) goto 0x8ec7ee9e;
                                                                                                                                                              				if (E00007FF77FF78EC8539C(_t69, _v132, _t123,  &_v120) != 0) goto 0x8ec7eea3;
                                                                                                                                                              				goto 0x8ec7eeb7;
                                                                                                                                                              				_t121 = _v128 + ((_v136 + ((__rdx + _t114 >> 2) + 0xffffffef + r9d + (_t69 - 0x46) * 0x16d + _t91 + ((__rdx + _t114 >> 2) + 0xffffffef + r9d + (_t69 - 0x46) * 0x16d + _t91) * 2) * 8) * 0x3c + _a40) * 0x3c + _v132 + _a48;
                                                                                                                                                              				goto 0x8ec7eeb7;
                                                                                                                                                              				_t66 = E00007FF77FF78EC75E08(_t121);
                                                                                                                                                              				 *_t121 = 0x16;
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t66, (__rdx + _t114 >> 2) + 0xffffffef + r9d, _v80 ^ _t146 - 0x00000078);
                                                                                                                                                              			}



























                                                                                                                                                              0x7ff78ec7edf8
                                                                                                                                                              0x7ff78ec7edfe
                                                                                                                                                              0x7ff78ec7ee12
                                                                                                                                                              0x7ff78ec7ee1c
                                                                                                                                                              0x7ff78ec7ee1f
                                                                                                                                                              0x7ff78ec7ee6d
                                                                                                                                                              0x7ff78ec7ee73
                                                                                                                                                              0x7ff78ec7ee76
                                                                                                                                                              0x7ff78ec7ee79
                                                                                                                                                              0x7ff78ec7ee7d
                                                                                                                                                              0x7ff78ec7ee81
                                                                                                                                                              0x7ff78ec7ee85
                                                                                                                                                              0x7ff78ec7ee89
                                                                                                                                                              0x7ff78ec7ee8f
                                                                                                                                                              0x7ff78ec7ee9c
                                                                                                                                                              0x7ff78ec7eea1
                                                                                                                                                              0x7ff78ec7eea3
                                                                                                                                                              0x7ff78ec7eea6
                                                                                                                                                              0x7ff78ec7eea8
                                                                                                                                                              0x7ff78ec7eead
                                                                                                                                                              0x7ff78ec7eed3

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4170891091-0
                                                                                                                                                              • Opcode ID: c3e661dd0a8e72af9d0f52d4d715681398ec2a18bb9594ad95e5ad467ce8c58d
                                                                                                                                                              • Instruction ID: 06ea93badd9026419239e24a7e5f13eac1af4206c3a66164dfd7f9841d7124dd
                                                                                                                                                              • Opcode Fuzzy Hash: c3e661dd0a8e72af9d0f52d4d715681398ec2a18bb9594ad95e5ad467ce8c58d
                                                                                                                                                              • Instruction Fuzzy Hash: 3251B573F042228EFB24EFA8DD456BCA7A1BB51398FA0053DDE1D56AD5DB38A402C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$__security_init_cookie
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2222513578-0
                                                                                                                                                              • Opcode ID: cc27e716cf3bdf85bd4c0a7f4153a8ed71bdbc51b4d7b2ddf286053f4db488f7
                                                                                                                                                              • Instruction ID: c7452f331b80009cde9c03b4b34116f31ee279a75fe7b271647e011708673599
                                                                                                                                                              • Opcode Fuzzy Hash: cc27e716cf3bdf85bd4c0a7f4153a8ed71bdbc51b4d7b2ddf286053f4db488f7
                                                                                                                                                              • Instruction Fuzzy Hash: 6A51B420E8C23FC2FA5467A9B5911791385AF84FA2F164234D81E277D6DEACF840C633
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 52%
                                                                                                                                                              			E00007FF77FF78EC745DC(void* __ecx, intOrPtr __edx, long long __rbx, void* __rcx, void* __r8, intOrPtr* __r9, long long _a16) {
                                                                                                                                                              				signed int _v56;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				signed int _v76;
                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                              				intOrPtr _v112;
                                                                                                                                                              				signed int _v120;
                                                                                                                                                              				signed long long _v128;
                                                                                                                                                              				long long _v136;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				long _t37;
                                                                                                                                                              				intOrPtr _t40;
                                                                                                                                                              				int _t42;
                                                                                                                                                              				signed int _t47;
                                                                                                                                                              				long _t52;
                                                                                                                                                              				void* _t59;
                                                                                                                                                              				intOrPtr _t62;
                                                                                                                                                              				void* _t69;
                                                                                                                                                              				signed long long _t81;
                                                                                                                                                              				signed long long _t82;
                                                                                                                                                              				intOrPtr _t92;
                                                                                                                                                              				void* _t105;
                                                                                                                                                              
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				_t81 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t82 = _t81 ^ _t105 - 0x00000080;
                                                                                                                                                              				_v56 = _t82;
                                                                                                                                                              				r14d = __edx; // executed
                                                                                                                                                              				_t37 = GetFileType(??); // executed
                                                                                                                                                              				r15d = 1;
                                                                                                                                                              				asm("btr ecx, 0xf");
                                                                                                                                                              				if (_t37 != r15d) goto 0x8ec746e7;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 8)) = r15w;
                                                                                                                                                              				if (__rcx == 0) goto 0x8ec74656;
                                                                                                                                                              				_v120 = _v120 & 0x00000000;
                                                                                                                                                              				if (E00007FF77FF78EC749FC(_t59, __edx, _t82, __rcx,  &_v120, __r8) == 0) goto 0x8ec746fe;
                                                                                                                                                              				_t40 = _v120 - 1;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x10)) = _t40;
                                                                                                                                                              				 *__r9 = _t40;
                                                                                                                                                              				asm("xorps xmm0, xmm0");
                                                                                                                                                              				asm("movups [ebp-0x48], xmm0");
                                                                                                                                                              				_v64 = 0;
                                                                                                                                                              				asm("movups [ebp-0x38], xmm0");
                                                                                                                                                              				asm("movups [ebp-0x28], xmm0"); // executed
                                                                                                                                                              				_t42 = GetFileInformationByHandle(??, ??); // executed
                                                                                                                                                              				if (_t42 == 0) goto 0x8ec74702;
                                                                                                                                                              				_t62 = _v112;
                                                                                                                                                              				_t99 = __rcx;
                                                                                                                                                              				 *((short*)(__r9 + 6)) = E00007FF77FF78EC748C0(_t42, _t59, _t62, _t69, __r9, __r8, __rcx, __r8, _t105);
                                                                                                                                                              				E00007FF77FF78EC74784(_v92, _t99); // executed
                                                                                                                                                              				 *(__r9 + 0x20) = _t82;
                                                                                                                                                              				E00007FF77FF78EC74784(_v100, _t82); // executed
                                                                                                                                                              				_t92 = _v108;
                                                                                                                                                              				 *(__r9 + 0x18) = _t82;
                                                                                                                                                              				E00007FF77FF78EC74784(_t92,  *(__r9 + 0x20)); // executed
                                                                                                                                                              				 *(__r9 + 0x28) = _t82;
                                                                                                                                                              				 *(__r9 + 0x14) =  *(__r9 + 0x14) & 0x00000000;
                                                                                                                                                              				if (_v80 != 0) goto 0x8ec746da;
                                                                                                                                                              				_t47 = _v76;
                                                                                                                                                              				if (_t47 - 0x7fffffff > 0) goto 0x8ec746da;
                                                                                                                                                              				 *(__r9 + 0x14) = _t47;
                                                                                                                                                              				goto 0x8ec7475e;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t82);
                                                                                                                                                              				 *_t82 = 0x84;
                                                                                                                                                              				goto 0x8ec746fe;
                                                                                                                                                              				_t25 = _t92 - 2; // -2
                                                                                                                                                              				if (_t25 - r15d <= 0) goto 0x8ec74711;
                                                                                                                                                              				if (_t62 != 0) goto 0x8ec74702;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t82);
                                                                                                                                                              				 *_t82 = 9;
                                                                                                                                                              				goto 0x8ec74761;
                                                                                                                                                              				_t52 = GetLastError();
                                                                                                                                                              				E00007FF77FF78EC75D7C(_t82, _t92);
                                                                                                                                                              				goto 0x8ec746fe;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 8)) = r15w;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x10)) = r14d;
                                                                                                                                                              				 *__r9 = r14d;
                                                                                                                                                              				_t55 =  ==  ? 0x2000 : 0x1000;
                                                                                                                                                              				 *((short*)(__r9 + 6)) =  ==  ? 0x2000 : 0x1000;
                                                                                                                                                              				if (_t52 == 2) goto 0x8ec7475e;
                                                                                                                                                              				_v128 = _v128 & 0x00000000;
                                                                                                                                                              				_v136 =  &_v120;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				if (PeekNamedPipe(??, ??, ??, ??, ??, ??) == 0) goto 0x8ec7475e;
                                                                                                                                                              				 *(__r9 + 0x14) = _v120;
                                                                                                                                                              				return E00007FF77FF78EC6A040(r15b, _v120, _v56 ^ _t105 - 0x00000080);
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2780335769-0
                                                                                                                                                              • Opcode ID: 6eaa4ef96a403fe5916438ab277e3d4369226d7cf89e13e50e0c4077950b2f56
                                                                                                                                                              • Instruction ID: b38cc72efa3c2a6e092326ef99578d394c361f2534a5f1e98c43cf08dc122f6a
                                                                                                                                                              • Opcode Fuzzy Hash: 6eaa4ef96a403fe5916438ab277e3d4369226d7cf89e13e50e0c4077950b2f56
                                                                                                                                                              • Instruction Fuzzy Hash: 56519A22E086418AFB10EFF5D8513BDA7B5BB48B88FA08534DE0D5B689DF38D481C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                              • Opcode ID: 390b95db17affa4f208a6eb99fe2f87c4499dc450baf817df354288345797a4a
                                                                                                                                                              • Instruction ID: f2cf2d6351d62502ccdba2e68ebe3eacc76c4566abdf5f664deac7cd727edc8f
                                                                                                                                                              • Opcode Fuzzy Hash: 390b95db17affa4f208a6eb99fe2f87c4499dc450baf817df354288345797a4a
                                                                                                                                                              • Instruction Fuzzy Hash: 7D418132E2878183E750ABE4D940379A260FB957A4F609334EA6C03AD1DF7CE5E4C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                              			E00007FF77FF78EC6A1AC(void* __eax, void* __ecx, intOrPtr* __rax, long long __rbx, long long __rsi, void* __r8, long long _a8, long long _a16) {
                                                                                                                                                              				char _v24;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				void* _t11;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				void* _t23;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              				void* _t29;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                              				intOrPtr* _t58;
                                                                                                                                                              				intOrPtr* _t59;
                                                                                                                                                              				void* _t65;
                                                                                                                                                              
                                                                                                                                                              				_t60 = __rbx;
                                                                                                                                                              				_t58 = __rax;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t10 = E00007FF77FF78EC6A62C(_t33, _t65); // executed
                                                                                                                                                              				if (_t10 == 0) goto 0x8ec6a303;
                                                                                                                                                              				sil = 0;
                                                                                                                                                              				_v24 = sil;
                                                                                                                                                              				_t11 = E00007FF77FF78EC6A5F0(_t58);
                                                                                                                                                              				_t39 =  *0x8ecac560; // 0x2
                                                                                                                                                              				if (_t39 == 1) goto 0x8ec6a30e;
                                                                                                                                                              				if (_t39 != 0) goto 0x8ec6a239;
                                                                                                                                                              				 *0x8ecac560 = 1;
                                                                                                                                                              				_t12 = E00007FF77FF78EC78B18(__rbx, 0x8ec8a3a0, 0x8ec8a3e0); // executed
                                                                                                                                                              				if (_t12 == 0) goto 0x8ec6a21a;
                                                                                                                                                              				goto 0x8ec6a2f3;
                                                                                                                                                              				E00007FF77FF78EC78AD4(_t60, 0x8ec8a388, 0x8ec8a398); // executed
                                                                                                                                                              				 *0x8ecac560 = 2;
                                                                                                                                                              				goto 0x8ec6a241;
                                                                                                                                                              				sil = 1;
                                                                                                                                                              				_v24 = sil;
                                                                                                                                                              				E00007FF77FF78EC6A944(E00007FF77FF78EC6A79C(_t11, _t58));
                                                                                                                                                              				if ( *_t58 == 0) goto 0x8ec6a274;
                                                                                                                                                              				if (E00007FF77FF78EC6A704( *_t58, _t58) == 0) goto 0x8ec6a274;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t59 =  *_t58;
                                                                                                                                                              				E00007FF77FF78EC6A94C( *0x8ec8a360());
                                                                                                                                                              				if ( *_t59 == 0) goto 0x8ec6a296;
                                                                                                                                                              				if (E00007FF77FF78EC6A704( *_t59, _t59) == 0) goto 0x8ec6a296;
                                                                                                                                                              				E00007FF77FF78EC78E34(_t20,  *_t59);
                                                                                                                                                              				_t23 = E00007FF77FF78EC6E300(E00007FF77FF78EC78A7C( *_t59, __rsi));
                                                                                                                                                              				_t63 =  *_t59;
                                                                                                                                                              				E00007FF77FF78EC6E2F8(_t23);
                                                                                                                                                              				_t81 = _t59;
                                                                                                                                                              				_t25 = E00007FF77FF78EC61000(_t59,  *_t59,  *_t59); // executed
                                                                                                                                                              				if (E00007FF77FF78EC6AAB0(_t59) == 0) goto 0x8ec6a318;
                                                                                                                                                              				if (sil != 0) goto 0x8ec6a2cd;
                                                                                                                                                              				E00007FF77FF78EC78E18(_t26, _t59);
                                                                                                                                                              				E00007FF77FF78EC6A7C0(1, 0);
                                                                                                                                                              				_t29 = _t25;
                                                                                                                                                              				if (E00007FF77FF78EC6AAB0(_t59) == 0) goto 0x8ec6a320;
                                                                                                                                                              				if (_v24 != 0) goto 0x8ec6a2f1;
                                                                                                                                                              				E00007FF77FF78EC78E08(_t30, _t63, _t81);
                                                                                                                                                              				return _t29;
                                                                                                                                                              			}
















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3058843127-0
                                                                                                                                                              • Opcode ID: 7d844228c26b892dd08384abece49a91c4127074a55cbcc0a06edf4476ffb943
                                                                                                                                                              • Instruction ID: 1bccb98eeed0e2245a30b4c90416304caacb068387d0280c778d54d4eeaa75aa
                                                                                                                                                              • Opcode Fuzzy Hash: 7d844228c26b892dd08384abece49a91c4127074a55cbcc0a06edf4476ffb943
                                                                                                                                                              • Instruction Fuzzy Hash: B6313621E4865246EA44BBE6D5113BBE391BF45784FE44039EA4E4B2B3DF3DE804C260
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF78EC78D2C() {
                                                                                                                                                              				void* _t1;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              
                                                                                                                                                              				_t1 = E00007FF77FF78EC78D60(_t9, _t12); // executed
                                                                                                                                                              				if (_t1 == 0) goto 0x8ec78d4e;
                                                                                                                                                              				GetCurrentProcess();
                                                                                                                                                              				TerminateProcess(??, ??);
                                                                                                                                                              				E00007FF77FF78EC78D90(_t12, _t12);
                                                                                                                                                              				ExitProcess(??);
                                                                                                                                                              			}







                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                              • Opcode ID: 2739020fbf1cdf8a1f36dbda9851b54ada907a9a0b372ffa0afda25bde580b5b
                                                                                                                                                              • Instruction ID: d0d7d13575edee5431aee149a8fca9b5a73ab0deaa2d30ec245bb9c19437616e
                                                                                                                                                              • Opcode Fuzzy Hash: 2739020fbf1cdf8a1f36dbda9851b54ada907a9a0b372ffa0afda25bde580b5b
                                                                                                                                                              • Instruction Fuzzy Hash: F4D01710F0832A42EA983BB19D451BA92517F68740FA01838CE1F06392CF3CE808C220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC6E618(intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, long long __r9, long long _a8, long long _a32) {
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a32 = __r9;
                                                                                                                                                              				if (__r8 == 0) goto 0x8ec6e659;
                                                                                                                                                              				if (__r9 == 0) goto 0x8ec6e659;
                                                                                                                                                              				if (__rcx != 0) goto 0x8ec6e670;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				return 0;
                                                                                                                                                              			}




                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 1abd23d9731a738e46e66ab9896834f003bf39cc11752d38f86874051f0145a8
                                                                                                                                                              • Instruction ID: 335ce16c8f688a51c9fddb1417128fd6063d694cdeb340d0360e5da273e3b69f
                                                                                                                                                              • Opcode Fuzzy Hash: 1abd23d9731a738e46e66ab9896834f003bf39cc11752d38f86874051f0145a8
                                                                                                                                                              • Instruction Fuzzy Hash: 5A51D831F0924689FE64BEAAD50067BE641BF44BA4FA4423ADD6C077E5DF3CE501C620
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FFC7FFC60F7C1D8(void* __ecx, long long __rbx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                              				signed char _t30;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				long long _t49;
                                                                                                                                                              				void* _t65;
                                                                                                                                                              				long _t68;
                                                                                                                                                              
                                                                                                                                                              				_t45 = _t65;
                                                                                                                                                              				 *((long long*)(_t45 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t45 + 0x10)) = __rbp;
                                                                                                                                                              				 *((long long*)(_t45 + 0x18)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t45 + 0x20)) = __rdi;
                                                                                                                                                              				r14d = 0;
                                                                                                                                                              				_t49 =  *((intOrPtr*)(0x7ffc610509a8)) + 2;
                                                                                                                                                              				if (_t49 - 1 > 0) goto 0x60fb5ad8;
                                                                                                                                                              				 *0x7FFC610509B8 = 0x81;
                                                                                                                                                              				if (0 == 0) goto 0x60f7c2a0;
                                                                                                                                                              				if (0 != 0) goto 0x60f7c296;
                                                                                                                                                              				GetStdHandle(_t68);
                                                                                                                                                              				_t15 = _t49 + 1; // 0x1
                                                                                                                                                              				if (_t15 - 1 <= 0) goto 0x60f7c2b3;
                                                                                                                                                              				_t30 = GetFileType(??); // executed
                                                                                                                                                              				if (_t30 == 0) goto 0x60f7c2b7;
                                                                                                                                                              				 *((long long*)(0x7ffc610509a8)) = _t49;
                                                                                                                                                              				if ((_t30 & 0x000000ff) != 2) goto 0x60f7c2a7;
                                                                                                                                                              				 *0x7FFC610509B8 =  *( *0x7FFC66DBE6E8 + 0x38) | 0x00000040;
                                                                                                                                                              				if (1 != 3) goto 0x60f7c1f6;
                                                                                                                                                              				return _t30;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                              • Opcode ID: 733ad6542acdd9d1a6a015db71bc182a6561c2827b4cbdf0c1ce9e5f445129ad
                                                                                                                                                              • Instruction ID: 9650c48a1e1511d21504a329ea6d10f17e307436effb476b3db58d16ffd02d0d
                                                                                                                                                              • Opcode Fuzzy Hash: 733ad6542acdd9d1a6a015db71bc182a6561c2827b4cbdf0c1ce9e5f445129ad
                                                                                                                                                              • Instruction Fuzzy Hash: 5C31D221A1CB6AC1EB608B94A5901782750FB45FA1F65073DDBAE237E1CF3CE451C3A2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 42%
                                                                                                                                                              			E00007FF77FF78EC7C3BC(void* __ebx, signed int __edx, signed long long __rbx, intOrPtr* __rcx, long long __rbp, intOrPtr* __r8, signed long long _a8, long long _a24, char _a40, char _a5159, signed int _a5160, void* _a5176) {
                                                                                                                                                              				char _t31;
                                                                                                                                                              				int _t32;
                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              				void* _t38;
                                                                                                                                                              				void* _t49;
                                                                                                                                                              				signed long long _t50;
                                                                                                                                                              				char* _t59;
                                                                                                                                                              				char* _t60;
                                                                                                                                                              				void* _t74;
                                                                                                                                                              				void* _t76;
                                                                                                                                                              				void* _t81;
                                                                                                                                                              				void* _t83;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a24 = __rbp;
                                                                                                                                                              				E00007FF77FF78EC6A070(0x1450, _t49, _t81, _t83);
                                                                                                                                                              				_t50 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_a5160 = _t50 ^ _t76 - _t49;
                                                                                                                                                              				r10d = r10d & 0x0000003f;
                                                                                                                                                              				_t74 = __rbp + __r8;
                                                                                                                                                              				 *((long long*)(__rcx)) =  *((intOrPtr*)(0x8ecaca50 + (__edx >> 6) * 8));
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 8)) = 0;
                                                                                                                                                              				if (__r8 - _t74 >= 0) goto 0x8ec7c493;
                                                                                                                                                              				_t59 =  &_a40;
                                                                                                                                                              				if (__r8 - _t74 >= 0) goto 0x8ec7c452;
                                                                                                                                                              				_t31 =  *((intOrPtr*)(__r8));
                                                                                                                                                              				if (_t31 != 0xa) goto 0x8ec7c440;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 8)) =  *((intOrPtr*)(__rcx + 8)) + 1;
                                                                                                                                                              				 *_t59 = 0xd;
                                                                                                                                                              				_t60 = _t59 + 1;
                                                                                                                                                              				 *_t60 = _t31;
                                                                                                                                                              				if (_t60 + 1 -  &_a5159 < 0) goto 0x8ec7c429;
                                                                                                                                                              				_a8 = _a8 & 0x00000000;
                                                                                                                                                              				_t37 = __ebx;
                                                                                                                                                              				r8d = _t37;
                                                                                                                                                              				_t32 = WriteFile(??, ??, ??, ??, ??); // executed
                                                                                                                                                              				if (_t32 == 0) goto 0x8ec7c48b;
                                                                                                                                                              				_t33 = _a24;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 4)) =  *((intOrPtr*)(__rcx + 4)) + _t33;
                                                                                                                                                              				if (_t33 - _t37 < 0) goto 0x8ec7c493;
                                                                                                                                                              				if (__r8 + 1 - _t74 < 0) goto 0x8ec7c424;
                                                                                                                                                              				goto 0x8ec7c493;
                                                                                                                                                              				 *((intOrPtr*)(__rcx)) = GetLastError();
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t34, _t38, _a5160 ^ _t76 - _t49);
                                                                                                                                                              			}

















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 442123175-0
                                                                                                                                                              • Opcode ID: 7df4bf2901ce8261641793f7a982e379c1487b89a95c23ed348065bb3161110c
                                                                                                                                                              • Instruction ID: a8683e955b7321e944a62698205f6bdd6cb9010b93eb614a27fdac85db3c3499
                                                                                                                                                              • Opcode Fuzzy Hash: 7df4bf2901ce8261641793f7a982e379c1487b89a95c23ed348065bb3161110c
                                                                                                                                                              • Instruction Fuzzy Hash: 0131F732E08A829ADB10AF59E8406B9B7A0FB5C780FA44032DF4E83714DF3CD552C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF78EC7BDA0(void* __esi, long long __rbx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                              				signed char _t53;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              				void* _t74;
                                                                                                                                                              				long long _t78;
                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                              				void* _t96;
                                                                                                                                                              				long _t99;
                                                                                                                                                              
                                                                                                                                                              				_t74 = _t96;
                                                                                                                                                              				 *((long long*)(_t74 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t74 + 0x10)) = __rbp;
                                                                                                                                                              				 *((long long*)(_t74 + 0x18)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t74 + 0x20)) = __rdi;
                                                                                                                                                              				r14d = 0;
                                                                                                                                                              				_t78 =  *((intOrPtr*)(0x7ff78ecaca78)) + 2;
                                                                                                                                                              				if (_t78 - 1 <= 0) goto 0x8ec7bdf3;
                                                                                                                                                              				 *0x7FF78ECACA88 =  *0x7FF78ECACA88 | 0x00000080;
                                                                                                                                                              				goto 0x8ec7be7e;
                                                                                                                                                              				 *0x7FF78ECACA88 = 0x81;
                                                                                                                                                              				if (0 == 0) goto 0x8ec7be14;
                                                                                                                                                              				if (0 == 0) goto 0x8ec7be0d;
                                                                                                                                                              				goto 0x8ec7be19;
                                                                                                                                                              				goto 0x8ec7be19;
                                                                                                                                                              				GetStdHandle(_t99);
                                                                                                                                                              				_t21 = _t78 + 1; // 0x1
                                                                                                                                                              				if (_t21 - 1 <= 0) goto 0x8ec7be59;
                                                                                                                                                              				_t53 = GetFileType(??); // executed
                                                                                                                                                              				if (_t53 == 0) goto 0x8ec7be59;
                                                                                                                                                              				_t54 = _t53 & 0x000000ff;
                                                                                                                                                              				 *((long long*)(0x7ff78ecaca78)) = _t78;
                                                                                                                                                              				if (_t54 != 2) goto 0x8ec7be4d;
                                                                                                                                                              				 *0x7FF78ECACA88 =  *0x7FF78ECACA88 | 0x00000040;
                                                                                                                                                              				goto 0x8ec7be7e;
                                                                                                                                                              				if (_t54 != 3) goto 0x8ec7be7e;
                                                                                                                                                              				 *0x7FF78ECACA88 =  *0x7FF78ECACA88 | 0x00000008;
                                                                                                                                                              				goto 0x8ec7be7e;
                                                                                                                                                              				 *0x7FF78ECACA88 =  *0x7FF78ECACA88 | 0x00000040;
                                                                                                                                                              				 *((long long*)( *0x7FF794A1A7B8 + 0x28)) = 0xfffffffe;
                                                                                                                                                              				_t79 =  *0x8ecac778; // 0x0
                                                                                                                                                              				if (_t79 == 0) goto 0x8ec7be7e;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(_t99 + _t79)) + 0x18)) = 0xfffffffe;
                                                                                                                                                              				if (1 != 3) goto 0x8ec7bdbe;
                                                                                                                                                              				return _t54;
                                                                                                                                                              			}











                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                              • Opcode ID: 94318e8cf8a7b71dcb4138edf811e4b714f185fee6d3a367285caa89e278a853
                                                                                                                                                              • Instruction ID: d02cac84a75c31793aa34ee659382fb19611964e9138f72c9265c94562b87e7f
                                                                                                                                                              • Opcode Fuzzy Hash: 94318e8cf8a7b71dcb4138edf811e4b714f185fee6d3a367285caa89e278a853
                                                                                                                                                              • Instruction Fuzzy Hash: C431C721E18B4591D7609BA9D980178BA51FB45BF0FB8073ADB6E073E0CF38E461D350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                              			E00007FF77FF78EC6A0C0(void* __eax, void* __ecx, void* __eflags, intOrPtr* __rax) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				intOrPtr _t5;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				void* _t26;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				intOrPtr* _t35;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              				void* _t40;
                                                                                                                                                              
                                                                                                                                                              				_t35 = __rax;
                                                                                                                                                              				E00007FF77FF78EC78080(__eax, _t37);
                                                                                                                                                              				E00007FF77FF78EC6A8F4();
                                                                                                                                                              				_t5 = E00007FF77FF78EC64520(E00007FF77FF78EC755AC(_t37));
                                                                                                                                                              				E00007FF77FF78EC78FD0(_t5);
                                                                                                                                                              				 *_t35 = _t5;
                                                                                                                                                              				if (E00007FF77FF78EC6A678(_t35, _t37) == 0) goto 0x8ec6a16b;
                                                                                                                                                              				E00007FF77FF78EC6AB7C(_t36);
                                                                                                                                                              				_t9 = E00007FF77FF78EC6A828(E00007FF77FF78EC6A678(_t35, _t37), _t35);
                                                                                                                                                              				E00007FF77FF78EC6A8EC();
                                                                                                                                                              				if (E00007FF77FF78EC78314(_t9, _t26, _t27, _t28, _t36, E00007FF77FF78EC6ABC0, _t40) != 0) goto 0x8ec6a16b;
                                                                                                                                                              				E00007FF77FF78EC6A8FC();
                                                                                                                                                              				if (E00007FF77FF78EC6A938(_t10) == 0) goto 0x8ec6a133;
                                                                                                                                                              				E00007FF77FF78EC64520(E00007FF77FF78EC62470(E00007FF77FF78EC62470(E00007FF77FF78EC780E8(_t11, 0x7ff78ec64520))));
                                                                                                                                                              				E00007FF77FF78EC78F30(_t35, 0x7ff78ec64520);
                                                                                                                                                              				if (E00007FF77FF78EC6A910() == 0) goto 0x8ec6a157; // executed
                                                                                                                                                              				0x8ec78acc(); // executed
                                                                                                                                                              				_t18 = E00007FF77FF78EC64520(_t17);
                                                                                                                                                              				0x8ec6aaa8();
                                                                                                                                                              				if (_t18 != 0) goto 0x8ec6a16b;
                                                                                                                                                              				return _t18;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3548387204-0
                                                                                                                                                              • Opcode ID: ac4647f365047c21b947ff21438f1dfebbf13be18e0a439c5f7d00969711d5ce
                                                                                                                                                              • Instruction ID: 0aa28afaec50b47277d5f2303e99237a0841f772432d9d68d10850e41a8830d5
                                                                                                                                                              • Opcode Fuzzy Hash: ac4647f365047c21b947ff21438f1dfebbf13be18e0a439c5f7d00969711d5ce
                                                                                                                                                              • Instruction Fuzzy Hash: 52117761E1D20281FA0472F5D8122BB91913F88344FE5143AEA5D862E3EF3CE841C672
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                              			E00007FF77FF78EC7A4C8(signed int __ecx, void* __eflags, void* __rax, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				int _t22;
                                                                                                                                                              				long _t23;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				intOrPtr _t51;
                                                                                                                                                              				void* _t55;
                                                                                                                                                              				void* _t66;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t66 = __rdx;
                                                                                                                                                              				E00007FF77FF78EC76DDC(_t39, __rax, _t55);
                                                                                                                                                              				if (__rax != 0xffffffff) goto 0x8ec7a4ee;
                                                                                                                                                              				goto 0x8ec7a548;
                                                                                                                                                              				_t51 =  *0x8ecaca50; // 0x26c17d489e0
                                                                                                                                                              				if (_t39 != 1) goto 0x8ec7a508;
                                                                                                                                                              				if (( *(_t51 + 0xc8) & dil) != 0) goto 0x8ec7a515;
                                                                                                                                                              				if (_t39 != 2) goto 0x8ec7a52c;
                                                                                                                                                              				if (( *(_t51 + 0x80) & 0x00000001) == 0) goto 0x8ec7a52c;
                                                                                                                                                              				E00007FF77FF78EC76DDC(2, _t51, _t55);
                                                                                                                                                              				E00007FF77FF78EC76DDC(1, _t51, _t55);
                                                                                                                                                              				if (_t51 == _t51) goto 0x8ec7a4ea;
                                                                                                                                                              				E00007FF77FF78EC76DDC(_t39, _t51, _t55);
                                                                                                                                                              				_t22 = FindCloseChangeNotification(??); // executed
                                                                                                                                                              				if (_t22 != 0) goto 0x8ec7a4ea;
                                                                                                                                                              				_t23 = GetLastError();
                                                                                                                                                              				_t24 = E00007FF77FF78EC76D20(_t39, _t51, _t51, __ecx, _t66);
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(0x8ecaca50 + (__ecx >> 6) * 8)) + 0x38 + (__ecx + __ecx * 8) * 8)) = 0;
                                                                                                                                                              				if (_t23 == 0) goto 0x8ec7a583;
                                                                                                                                                              				E00007FF77FF78EC75DC4(_t24, _t51,  *((intOrPtr*)(0x8ecaca50 + (__ecx >> 6) * 8)), _t66);
                                                                                                                                                              				goto 0x8ec7a585;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}












                                                                                                                                                              APIs
                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(?,?,?,00007FF78EC7A345,?,?,00000000,00007FF78EC7A3FA), ref: 00007FF78EC7A536
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF78EC7A345,?,?,00000000,00007FF78EC7A3FA), ref: 00007FF78EC7A540
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1687624791-0
                                                                                                                                                              • Opcode ID: 6df09b5d312745fd4b88d0075a89d3a0a87329057c91ac2151b374d90935292b
                                                                                                                                                              • Instruction ID: ab19a64d108ffa79b9c35c6b1f2a2273bd06a5c7c9929570c6e3dbba217cedcc
                                                                                                                                                              • Opcode Fuzzy Hash: 6df09b5d312745fd4b88d0075a89d3a0a87329057c91ac2151b374d90935292b
                                                                                                                                                              • Instruction Fuzzy Hash: 8A21C611F2C64245FF9477A9D9952B99291BF447A0FA44235D92E473C2DF7CE445C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FFC60F72DE9,?,?,?,00007FFC60FB3A07,?,?,?,?,00007FFC60F7720A,?,?,?), ref: 00007FFC60F6D658
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: 560900ddee2451d5e45c4ff8026677af8ac49b4bffbc877e7323e9acd61db466
                                                                                                                                                              • Instruction ID: b197dc89eb0140c3dbbe035a3f63e586de8c5ba0d722efa58919db7c880602db
                                                                                                                                                              • Opcode Fuzzy Hash: 560900ddee2451d5e45c4ff8026677af8ac49b4bffbc877e7323e9acd61db466
                                                                                                                                                              • Instruction Fuzzy Hash: 6311C120F5C6AEC1FE648B51E9002752390AF84F90F0A9634D90EA77C1DF6DA400CB32
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF78EC81F2C(void* __ebp, signed int __rax, long long __rbx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				signed long long _t26;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				GetEnvironmentStringsW(); // executed
                                                                                                                                                              				if (__rax == 0) goto 0x8ec81fb3;
                                                                                                                                                              				if ( *__rax == 0) goto 0x8ec81f72;
                                                                                                                                                              				_t26 = (__rax | 0xffffffff) + 1;
                                                                                                                                                              				if ( *((intOrPtr*)(__rax + _t26 * 2)) != 0) goto 0x8ec81f5c;
                                                                                                                                                              				if ( *((intOrPtr*)(__rax + _t26 * 2 + 2)) != 0) goto 0x8ec81f58;
                                                                                                                                                              				E00007FF77FF78EC7CFA0((__rax + _t26 * 2 + 2 - __rax + 2 >> 1) + (__rax + _t26 * 2 + 2 - __rax + 2 >> 1)); // executed
                                                                                                                                                              				if (_t26 == 0) goto 0x8ec81fa0;
                                                                                                                                                              				E00007FF77FF78EC6ADF0();
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t26, _t26);
                                                                                                                                                              				return FreeEnvironmentStringsW(??);
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF78EC7852A,?,?,00000000,00007FF78EC78A1E,?,?,?,?,00007FF78EC808D4,?,?,00000000), ref: 00007FF78EC81F40
                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF78EC7852A,?,?,00000000,00007FF78EC78A1E,?,?,?,?,00007FF78EC808D4,?,?,00000000), ref: 00007FF78EC81FAA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: EnvironmentStrings$Free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3328510275-0
                                                                                                                                                              • Opcode ID: 794bfc679f5407b9fb2d1dfc2e22093687a3b349da12dfd1294f1f3f6014a5cc
                                                                                                                                                              • Instruction ID: 4deaddf376df0d224a1e2e10715264c3e627093c1af04966b703097aeed4863e
                                                                                                                                                              • Opcode Fuzzy Hash: 794bfc679f5407b9fb2d1dfc2e22093687a3b349da12dfd1294f1f3f6014a5cc
                                                                                                                                                              • Instruction Fuzzy Hash: D6016521E1876541EA10BF95A51006AE3A0BF59FE0BE84634EF6E137C9DF3CE842C350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 54%
                                                                                                                                                              			E00007FF77FF78EC7BABC(signed int __ecx, void* __eflags, signed int __rax, long long __rbx, void* __rdx, long long __rsi, long long __rbp, void* __r9, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				int _t22;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rbp;
                                                                                                                                                              				_a24 = __rsi;
                                                                                                                                                              				E00007FF77FF78EC76DDC(_t30, __rax, _t43);
                                                                                                                                                              				if (__rax != 0xffffffff) goto 0x8ec7bafa;
                                                                                                                                                              				 *((char*)(__r9 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x2c)) = 9;
                                                                                                                                                              				goto 0x8ec7bb50;
                                                                                                                                                              				r9d = r8d;
                                                                                                                                                              				_t22 = SetFilePointerEx(??, ??, ??, ??); // executed
                                                                                                                                                              				if (_t22 != 0) goto 0x8ec7bb24;
                                                                                                                                                              				_t24 = E00007FF77FF78EC75DC4(GetLastError(), __rax | 0xffffffff, __rax | 0xffffffff, __r9);
                                                                                                                                                              				goto 0x8ec7baf4;
                                                                                                                                                              				if (_v24 == 0xffffffff) goto 0x8ec7baf4;
                                                                                                                                                              				 *( *((intOrPtr*)(0x8ecaca50 + (__ecx >> 6) * 8)) + 0x38 + (__ecx + __ecx * 8) * 8) =  *( *((intOrPtr*)(0x8ecaca50 + (__ecx >> 6) * 8)) + 0x38 + (__ecx + __ecx * 8) * 8) & 0x000000fd;
                                                                                                                                                              				return _t24;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF78EC7BA5C,?,?,?,?,00000000,?,?,00007FF78EC7BBB1), ref: 00007FF78EC7BB08
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00007FF78EC7BA5C,?,?,?,?,00000000,?,?,00007FF78EC7BBB1), ref: 00007FF78EC7BB12
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                              • Opcode ID: ddacae6aa89976049064c496390e2f418d38dbd4df1d4b0c029dff0bf2143edf
                                                                                                                                                              • Instruction ID: 6c2d04c909bd96f33cb6800f744c9fbf279e590fa41a293701462e30ea00b8d1
                                                                                                                                                              • Opcode Fuzzy Hash: ddacae6aa89976049064c496390e2f418d38dbd4df1d4b0c029dff0bf2143edf
                                                                                                                                                              • Instruction Fuzzy Hash: 8E110461F08A9185DA10AB6AE9441B9A762FB44BF0FA44331EE7D0B7D8DF7CD010C750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC74699), ref: 00007FF78EC747B7
                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC74699), ref: 00007FF78EC747CD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                              • Opcode ID: 40cd053a4a77d0828c45793dd0685d93c9fdf8fa582ea42d2a9a6ce314da643c
                                                                                                                                                              • Instruction ID: 0098cd925bb363da4636ee70440334c553ab12efae4d09afffca78242f84923a
                                                                                                                                                              • Opcode Fuzzy Hash: 40cd053a4a77d0828c45793dd0685d93c9fdf8fa582ea42d2a9a6ce314da643c
                                                                                                                                                              • Instruction Fuzzy Hash: 8D117731E0C75281EB54AB99E85117BF7A0FB85765FA0023AFAAD819E4EF3CD054CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E00007FFC7FFC60F7C190() {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				void* _t13;
                                                                                                                                                              				void* _t14;
                                                                                                                                                              				void* _t15;
                                                                                                                                                              
                                                                                                                                                              				EnterCriticalSection();
                                                                                                                                                              				if (E00007FFC7FFC60F7C338(0, _t9, _t10, _t13, _t14) != 0) goto 0x60f7c1bc;
                                                                                                                                                              				E00007FFC7FFC60F7C2DC(_t1, _t10, _t13, _t14, _t15); // executed
                                                                                                                                                              				E00007FFC7FFC60F7C1D8(0, _t10, _t13, _t14, _t15); // executed
                                                                                                                                                              				LeaveCriticalSection(??);
                                                                                                                                                              				return 1;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FFC60F7C19D
                                                                                                                                                                • Part of subcall function 00007FFC60F7C338: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFC60F7C1AC), ref: 00007FFC60F7C364
                                                                                                                                                                • Part of subcall function 00007FFC60F7C338: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFC60F7C1AC), ref: 00007FFC60F7C3B9
                                                                                                                                                              • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FFC60F7C1C3
                                                                                                                                                                • Part of subcall function 00007FFC60F7C2DC: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFC60F7C2FC
                                                                                                                                                                • Part of subcall function 00007FFC60F7C1D8: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FFC60F7C23A
                                                                                                                                                                • Part of subcall function 00007FFC60F7C1D8: GetFileType.KERNEL32 ref: 00007FFC60F7C250
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalSection$EnterLeave$FileHandleInfoStartupType
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2762830733-0
                                                                                                                                                              • Opcode ID: b1958a3d3c80921b11d009da87cb4cb7f0dfb4aa1f732cab79520231d9eeb561
                                                                                                                                                              • Instruction ID: 4e16d821b2e6364d97a48f4daab217498b80b41c189f4d6fc300e8a9ecf3f500
                                                                                                                                                              • Opcode Fuzzy Hash: b1958a3d3c80921b11d009da87cb4cb7f0dfb4aa1f732cab79520231d9eeb561
                                                                                                                                                              • Instruction Fuzzy Hash: 9AE0BF20A9C56EC5FB546BE0AC520B823505F29B13F811439D40EE16929E1CA585C773
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 63%
                                                                                                                                                              			E00007FF77FF78EC7B828(void* __ebx, void* __ecx, intOrPtr* __rax, long long __rbx, signed char** __rcx, long long __rdi, long long __rsi, void* __r12, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                              				void* _t55;
                                                                                                                                                              				signed int _t56;
                                                                                                                                                              				signed int _t78;
                                                                                                                                                              				signed int _t79;
                                                                                                                                                              				intOrPtr* _t96;
                                                                                                                                                              				signed char* _t98;
                                                                                                                                                              				signed char** _t104;
                                                                                                                                                              				signed char** _t118;
                                                                                                                                                              				void* _t120;
                                                                                                                                                              
                                                                                                                                                              				_t104 = __rcx;
                                                                                                                                                              				_t100 = __rbx;
                                                                                                                                                              				_t96 = __rax;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_a24 = __rdi;
                                                                                                                                                              				_t118 = __rcx;
                                                                                                                                                              				if (__rcx != 0) goto 0x8ec7b85a;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec7b979;
                                                                                                                                                              				if (( *(_t104 + 0x14) >> 0x0000000d & 0x00000001) == 0) goto 0x8ec7b979;
                                                                                                                                                              				if (( *(_t104 + 0x14) >> 0x0000000c & 0x00000001) != 0) goto 0x8ec7b979;
                                                                                                                                                              				if (( *(_t104 + 0x14) >> 0x00000001 & 0x00000001) == 0) goto 0x8ec7b889;
                                                                                                                                                              				asm("lock or dword [ecx+0x14], 0x10");
                                                                                                                                                              				goto 0x8ec7b979;
                                                                                                                                                              				asm("lock or dword [ecx+0x14], 0x1");
                                                                                                                                                              				if (( *(_t104 + 0x14) & 0x000004c0) != 0) goto 0x8ec7b89d;
                                                                                                                                                              				E00007FF77FF78EC82B10( *(_t104 + 0x14), __rax, __rbx, _t104, _t120);
                                                                                                                                                              				 *_t118 = _t118[1];
                                                                                                                                                              				_t55 = E00007FF77FF78EC79634(__rax, _t118);
                                                                                                                                                              				r8d = _t118[4];
                                                                                                                                                              				_t56 = E00007FF77FF78EC7B2C0(_t55, _t100, _t118, _t118[1], _t118[1], __r12); // executed
                                                                                                                                                              				_t118[2] = _t56;
                                                                                                                                                              				_t19 = _t96 + 1; // 0x1
                                                                                                                                                              				if (_t19 - 1 <= 0) goto 0x8ec7b967;
                                                                                                                                                              				_t79 = _t78 | 0xffffffff;
                                                                                                                                                              				if ((_t118[2] & 0x00000006) != 0) goto 0x8ec7b932;
                                                                                                                                                              				if (E00007FF77FF78EC79634(_t96, _t118) == _t79) goto 0x8ec7b91d;
                                                                                                                                                              				if (E00007FF77FF78EC79634(_t96, _t118) == 0xfffffffe) goto 0x8ec7b91d;
                                                                                                                                                              				E00007FF77FF78EC79634(_t96, _t118);
                                                                                                                                                              				E00007FF77FF78EC79634(_t96, _t118);
                                                                                                                                                              				goto 0x8ec7b924;
                                                                                                                                                              				if (( *0x7FF78EC9D408 & 0x00000082) != 0x82) goto 0x8ec7b932;
                                                                                                                                                              				asm("lock or dword [esi+0x14], 0x20");
                                                                                                                                                              				if (_t118[4] != 0x200) goto 0x8ec7b956;
                                                                                                                                                              				if ((_t118[2] >> 0x00000006 & 0x00000001) == 0) goto 0x8ec7b956;
                                                                                                                                                              				if ((_t118[2] >> 0x00000008 & 0x00000001) != 0) goto 0x8ec7b956;
                                                                                                                                                              				_t118[4] = 0x1000;
                                                                                                                                                              				_t98 =  *_t118;
                                                                                                                                                              				_t118[2] =  &(_t118[2][_t79]);
                                                                                                                                                              				 *_t118 =  &(_t98[1]);
                                                                                                                                                              				goto 0x8ec7b97c;
                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                              				asm("lock or [esi+0x14], eax");
                                                                                                                                                              				_t118[2] = _t118[2] & 0x00000000;
                                                                                                                                                              				return  *_t98 & 0x000000ff | 0xffffffff;
                                                                                                                                                              			}













                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 63ab4e1e8db6c1bc725082399a54281613d7e7773f9c08b5e7715932d9632827
                                                                                                                                                              • Instruction ID: 75653d98bd7cae596c2fdb1b0944d38d7894fbb794d4d5c9619856700c75b30d
                                                                                                                                                              • Opcode Fuzzy Hash: 63ab4e1e8db6c1bc725082399a54281613d7e7773f9c08b5e7715932d9632827
                                                                                                                                                              • Instruction Fuzzy Hash: 28419332D1920587EA64AA9DE94027DBBB1FF54B94FA40231D69E877D1CF3CE802C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 52%
                                                                                                                                                              			E00007FF77FF78EC662C0(void* __rax, long long __rbx, void* __rcx, long long __rdi, void* __r8) {
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				void* _t14;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				void* _t31;
                                                                                                                                                              				long long _t33;
                                                                                                                                                              				void* _t35;
                                                                                                                                                              				void* _t49;
                                                                                                                                                              				long long _t52;
                                                                                                                                                              				void* _t57;
                                                                                                                                                              				long long _t58;
                                                                                                                                                              				void* _t60;
                                                                                                                                                              				void* _t62;
                                                                                                                                                              				void* _t67;
                                                                                                                                                              				void* _t68;
                                                                                                                                                              				void* _t72;
                                                                                                                                                              
                                                                                                                                                              				_t52 = __rdi;
                                                                                                                                                              				_t33 = __rbx;
                                                                                                                                                              				_t31 = __rax;
                                                                                                                                                              				_t67 = __rcx;
                                                                                                                                                              				_t57 = __r8;
                                                                                                                                                              				r13d = 0;
                                                                                                                                                              				0x8ec73eec();
                                                                                                                                                              				_t72 = __rax;
                                                                                                                                                              				if (__rax == 0) goto 0x8ec663d3;
                                                                                                                                                              				_t1 = _t68 + 2; // 0x2
                                                                                                                                                              				r8d = _t1;
                                                                                                                                                              				_t12 = E00007FF77FF78EC6EB90(__rax, __rbx, __rcx, __rdi); // executed
                                                                                                                                                              				if (_t12 < 0) goto 0x8ec663d3;
                                                                                                                                                              				 *((long long*)(_t62 + 0x50)) = _t33;
                                                                                                                                                              				E00007FF77FF78EC77DE4(_t31, _t33, _t67, _t52); // executed
                                                                                                                                                              				_t34 = _t31;
                                                                                                                                                              				if (_t31 - __r8 < 0) goto 0x8ec663ce;
                                                                                                                                                              				 *((long long*)(_t62 + 0x58)) = _t58;
                                                                                                                                                              				 *((long long*)(_t62 + 0x60)) = _t52;
                                                                                                                                                              				_t5 = _t34 - 0x2000; // -8192
                                                                                                                                                              				_t60 =  <  ? _t68 : _t5;
                                                                                                                                                              				_t35 = _t31 - _t60;
                                                                                                                                                              				if (_t35 - __r8 < 0) goto 0x8ec663c4;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t14 = E00007FF77FF78EC6EB90(_t31, _t35, _t67, _t52); // executed
                                                                                                                                                              				if (_t14 < 0) goto 0x8ec663c4;
                                                                                                                                                              				E00007FF77FF78EC6E878(_t60, _t35, _t67); // executed
                                                                                                                                                              				_t27 = _t31 - _t35;
                                                                                                                                                              				if (_t27 != 0) goto 0x8ec663c4;
                                                                                                                                                              				if (_t27 == 0) goto 0x8ec663ab;
                                                                                                                                                              				_t6 = _t72 - 1; // -1
                                                                                                                                                              				_t28 = E00007FF77FF78EC6B6B0(0x2000, _t6 + _t35 - _t57 + 1, _t49, _t57);
                                                                                                                                                              				if (_t28 == 0) goto 0x8ec663bd;
                                                                                                                                                              				if (_t28 != 0) goto 0x8ec66390;
                                                                                                                                                              				if (_t60 != 0) goto 0x8ec66330;
                                                                                                                                                              				goto 0x8ec663c4;
                                                                                                                                                              				return E00007FF77FF78EC73ED8(_t16, _t72, _t49, _t57);
                                                                                                                                                              			}




















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                              • Opcode ID: cd528625e5cfbbbb1e0f4c8b5a314dd16083b7f122c4759ee8ba13f7b370dd42
                                                                                                                                                              • Instruction ID: c2ac2c63f04ff8aff98f24426e6f810352edf90e81a65835298cf6457d096c00
                                                                                                                                                              • Opcode Fuzzy Hash: cd528625e5cfbbbb1e0f4c8b5a314dd16083b7f122c4759ee8ba13f7b370dd42
                                                                                                                                                              • Instruction Fuzzy Hash: 7721A021F0829246FA10BB92E9043BBE651BF45BC8FE85435EE1E077A6DF7CE445C250
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC7B2C0(signed int __ecx, signed int __rbx, void* __rcx, void* __rdx, signed int __rdi, signed int __r12, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                              				signed int _t37;
                                                                                                                                                              				void* _t44;
                                                                                                                                                              				void* _t47;
                                                                                                                                                              				signed int* _t52;
                                                                                                                                                              				signed int* _t54;
                                                                                                                                                              				signed int* _t56;
                                                                                                                                                              				signed int* _t66;
                                                                                                                                                              				void* _t69;
                                                                                                                                                              				void* _t70;
                                                                                                                                                              				signed long long _t75;
                                                                                                                                                              				signed long long _t81;
                                                                                                                                                              
                                                                                                                                                              				_t52 = _t66;
                                                                                                                                                              				_t52[4] = __rbx;
                                                                                                                                                              				_t52[6] = __rdi;
                                                                                                                                                              				_t52[8] = __r12;
                                                                                                                                                              				_t52[2] = __ecx;
                                                                                                                                                              				r14d = r8d;
                                                                                                                                                              				if (_t44 != 0xfffffffe) goto 0x8ec7b302;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t52);
                                                                                                                                                              				 *_t52 =  *_t52 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t52);
                                                                                                                                                              				 *_t52 = 9;
                                                                                                                                                              				goto 0x8ec7b3bc;
                                                                                                                                                              				if (__ecx < 0) goto 0x8ec7b3a4;
                                                                                                                                                              				_t47 = _t44 -  *0x8ecace50; // 0x40
                                                                                                                                                              				if (_t47 >= 0) goto 0x8ec7b3a4;
                                                                                                                                                              				_t81 = __ecx >> 6;
                                                                                                                                                              				_t75 = __ecx + __ecx * 8;
                                                                                                                                                              				_t54 =  *((intOrPtr*)(0x8ecaca50 + _t81 * 8));
                                                                                                                                                              				if (( *(_t54 + 0x38 + _t75 * 8) & 0x00000001) == 0) goto 0x8ec7b3a4;
                                                                                                                                                              				if (r14d - 0x7fffffff <= 0) goto 0x8ec7b358;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t54);
                                                                                                                                                              				 *_t54 =  *_t54 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t54);
                                                                                                                                                              				 *_t54 = 0x16;
                                                                                                                                                              				goto 0x8ec7b3b7;
                                                                                                                                                              				E00007FF77FF78EC76AD0();
                                                                                                                                                              				_t56 =  *((intOrPtr*)(0x8ecaca50 + _t81 * 8));
                                                                                                                                                              				if (( *(0x8ecaca50 + 0x38 + _t75 * 8) & 0x00000001) != 0) goto 0x8ec7b38a;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t56);
                                                                                                                                                              				 *0x8ecaca50 = 9;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t56);
                                                                                                                                                              				 *0x8ecaca50 =  *0x8ecaca50 & 0x00000000;
                                                                                                                                                              				goto 0x8ec7b399;
                                                                                                                                                              				r8d = r14d;
                                                                                                                                                              				E00007FF77FF78EC7B3DC(_t37 | 0xffffffff, _t44, _t56, 0x8ecaca50, __rdx, _t69, _t70); // executed
                                                                                                                                                              				E00007FF77FF78EC76BB8();
                                                                                                                                                              				goto 0x8ec7b3bf;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t56);
                                                                                                                                                              				 *0x8ecaca50 =  *0x8ecaca50 & 0x00000000;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t56);
                                                                                                                                                              				 *_t56 = 9;
                                                                                                                                                              				return E00007FF77FF78EC7A250() | 0xffffffff;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: a25ceeaa03c675811f887b09a82d804aee4eb3ed887655725e77025cc3145007
                                                                                                                                                              • Instruction ID: 620b2ce8975b472b8825d2f3840de8ae89722ea7b165380196bbb4bdb7e2bd3f
                                                                                                                                                              • Opcode Fuzzy Hash: a25ceeaa03c675811f887b09a82d804aee4eb3ed887655725e77025cc3145007
                                                                                                                                                              • Instruction Fuzzy Hash: 01311622E1864286F611BB99CD4137DAA52BF94BA5FF10235E91D073D2CF7CA481C731
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00007FF77FF78EC78C5D(void* __fp0, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r13, long long _a8, char _a16, char _a24, char _a32) {
                                                                                                                                                              				long long _v16;
                                                                                                                                                              				long long _v24;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				long long _v40;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				void* _v56;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				char _t34;
                                                                                                                                                              				intOrPtr* _t52;
                                                                                                                                                              				WCHAR* _t56;
                                                                                                                                                              				void* _t59;
                                                                                                                                                              
                                                                                                                                                              				E00007FF77FF78EC79588();
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				_a24 = r8d;
                                                                                                                                                              				_a16 = _t34;
                                                                                                                                                              				_v40 = 0xfffffffe;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				if (r8d != 0) goto 0x8ec78cd3;
                                                                                                                                                              				GetModuleHandleW(_t56);
                                                                                                                                                              				if (__rax == 0) goto 0x8ec78cd3;
                                                                                                                                                              				if ( *__rax != 0x5a4d) goto 0x8ec78cd3;
                                                                                                                                                              				_t52 =  *((intOrPtr*)(__rax + 0x3c)) + __rax;
                                                                                                                                                              				if ( *_t52 != 0x4550) goto 0x8ec78cd3;
                                                                                                                                                              				if ( *((intOrPtr*)(_t52 + 0x18)) != 0x20b) goto 0x8ec78cd3;
                                                                                                                                                              				if ( *((intOrPtr*)(_t52 + 0x84)) - 0xe <= 0) goto 0x8ec78cd3;
                                                                                                                                                              				if ( *((intOrPtr*)(_t52 + 0xf8)) == 0) goto 0x8ec78cd3;
                                                                                                                                                              				E00007FF77FF78EC78D90(__rax, _t52);
                                                                                                                                                              				_a32 = 0;
                                                                                                                                                              				_v32 =  &_a16;
                                                                                                                                                              				_v24 =  &_a24;
                                                                                                                                                              				_v16 =  &_a32;
                                                                                                                                                              				 *((intOrPtr*)(_t59 - 0x2c)) = 2;
                                                                                                                                                              				_v48 = 2;
                                                                                                                                                              				_t28 = E00007FF77FF78EC78B60( &_a32, __rbx,  &_v48,  &_v32, _t59 - 0x2c);
                                                                                                                                                              				if (_a24 == 0) goto 0x8ec78d21;
                                                                                                                                                              				return _t28;
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3947729631-0
                                                                                                                                                              • Opcode ID: 0bebaf44e8f762645a494b291c5ca6244a17afd98d0e17bd06afa907fe576d93
                                                                                                                                                              • Instruction ID: 8afe7a434fb043a29e9a1243577c8eac9c26eea47c9ca5f39410581d9de11199
                                                                                                                                                              • Opcode Fuzzy Hash: 0bebaf44e8f762645a494b291c5ca6244a17afd98d0e17bd06afa907fe576d93
                                                                                                                                                              • Instruction Fuzzy Hash: C821B032E05B2689EB64AFB9C8412FE77A0FB44718FA44635D71C06AC5EF78D485C7A0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 66%
                                                                                                                                                              			E00007FF77FF78EC752D8(void* __ecx, intOrPtr __ebp, long long __rbx, short* __rcx, long long __rdx, long long __rbp, void* __r8, long long __r9, char _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                              				long long _v48;
                                                                                                                                                              				long long _v56;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				intOrPtr _t58;
                                                                                                                                                              				signed long long _t82;
                                                                                                                                                              				intOrPtr _t84;
                                                                                                                                                              				intOrPtr _t87;
                                                                                                                                                              				long long _t90;
                                                                                                                                                              				signed long long _t98;
                                                                                                                                                              				void* _t99;
                                                                                                                                                              				signed long long _t100;
                                                                                                                                                              				short* _t106;
                                                                                                                                                              				long long _t107;
                                                                                                                                                              				void* _t110;
                                                                                                                                                              				signed long long _t112;
                                                                                                                                                              				intOrPtr* _t118;
                                                                                                                                                              				long long _t126;
                                                                                                                                                              
                                                                                                                                                              				r8d = 0x40;
                                                                                                                                                              				goto 0x8ec7520c;
                                                                                                                                                              				asm("int3");
                                                                                                                                                              				_t82 = _t112;
                                                                                                                                                              				 *((long long*)(_t82 + 0x10)) = __rdx;
                                                                                                                                                              				_push(_t99);
                                                                                                                                                              				 *((long long*)(_t82 - 0x28)) = 0xfffffffe;
                                                                                                                                                              				 *((long long*)(_t82 + 0x18)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t82 + 0x20)) = __rbp;
                                                                                                                                                              				_t90 = __r9;
                                                                                                                                                              				_t110 = __r8;
                                                                                                                                                              				_t106 = __rcx;
                                                                                                                                                              				r14d = 0;
                                                                                                                                                              				_t58 = r14d;
                                                                                                                                                              				if (__rcx == 0) goto 0x8ec75327;
                                                                                                                                                              				if (__r8 != 0) goto 0x8ec75323;
                                                                                                                                                              				goto 0x8ec754cd;
                                                                                                                                                              				 *((intOrPtr*)(__rcx)) = r14w;
                                                                                                                                                              				if (__rdx != 0) goto 0x8ec75359;
                                                                                                                                                              				 *((char*)(__r9 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
                                                                                                                                                              				_v48 = __r9;
                                                                                                                                                              				_v56 = _t126;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC7A180(_t82, __r9, __rcx, __rdx, __rcx, __r8, __r8);
                                                                                                                                                              				goto 0x8ec754cd;
                                                                                                                                                              				if ( *((intOrPtr*)(__r9 + 0x28)) != r14b) goto 0x8ec7536c;
                                                                                                                                                              				_t43 = E00007FF77FF78EC735D0(_t82 | 0xffffffff, __r9, __r9, _t106, _t126);
                                                                                                                                                              				_t84 =  *((intOrPtr*)(__r9 + 0x18));
                                                                                                                                                              				if ( *((intOrPtr*)(_t84 + 0xc)) != 0xfde9) goto 0x8ec7539f;
                                                                                                                                                              				_a8 = _t126;
                                                                                                                                                              				_v56 = __r9;
                                                                                                                                                              				_t98 =  &_a16;
                                                                                                                                                              				E00007FF77FF78EC7F938(_t43, __r9, _t106, _t98, _t106, _t110,  &_a8);
                                                                                                                                                              				goto 0x8ec754cd;
                                                                                                                                                              				if (_t106 == 0) goto 0x8ec7547e;
                                                                                                                                                              				if ( *((intOrPtr*)(_t84 + 0x138)) != _t126) goto 0x8ec753d7;
                                                                                                                                                              				if (_t110 == 0) goto 0x8ec753cf;
                                                                                                                                                              				 *_t106 =  *(_t99 + _t98) & 0x000000ff;
                                                                                                                                                              				if ( *(_t99 + _t98) == r14b) goto 0x8ec753cf;
                                                                                                                                                              				_t100 = _t99 + 1;
                                                                                                                                                              				_t107 = _t106 + 2;
                                                                                                                                                              				if (_t100 - _t110 < 0) goto 0x8ec753b6;
                                                                                                                                                              				goto 0x8ec754cd;
                                                                                                                                                              				_v48 = __ebp;
                                                                                                                                                              				_v56 = _t107;
                                                                                                                                                              				r9d = _t58;
                                                                                                                                                              				E00007FF77FF78EC7EC04();
                                                                                                                                                              				if (_t100 != 0) goto 0x8ec754ca;
                                                                                                                                                              				if (GetLastError() == 0x7a) goto 0x8ec75419;
                                                                                                                                                              				 *((char*)(_t90 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t90 + 0x2c)) = 0x2a;
                                                                                                                                                              				 *_t107 = r14w;
                                                                                                                                                              				goto 0x8ec753cf;
                                                                                                                                                              				r9d = __ebp;
                                                                                                                                                              				_t118 = _a16;
                                                                                                                                                              				if (__ebp == 0) goto 0x8ec75452;
                                                                                                                                                              				r9d = r9d - 1;
                                                                                                                                                              				if ( *_t118 == r14b) goto 0x8ec75452;
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t90 + 0x18)))) + _t98 * 2)) - r14w >= 0) goto 0x8ec7544a;
                                                                                                                                                              				if ( *((intOrPtr*)(_t118 + 1)) == r14b) goto 0x8ec75408;
                                                                                                                                                              				goto 0x8ec75426;
                                                                                                                                                              				r8d = r8d - r10d;
                                                                                                                                                              				_t87 =  *((intOrPtr*)(_t90 + 0x18));
                                                                                                                                                              				_v48 = __ebp;
                                                                                                                                                              				_v56 = _t107;
                                                                                                                                                              				r9d = r8d;
                                                                                                                                                              				E00007FF77FF78EC7EC04();
                                                                                                                                                              				if (_t87 != 0) goto 0x8ec754cd;
                                                                                                                                                              				goto 0x8ec75408;
                                                                                                                                                              				if ( *((intOrPtr*)(_t87 + 0x138)) != _t126) goto 0x8ec75499;
                                                                                                                                                              				if ( *((intOrPtr*)(_t98 + (_t100 | 0xffffffffffffffff) + 1)) != r14b) goto 0x8ec7548b;
                                                                                                                                                              				goto 0x8ec753cf;
                                                                                                                                                              				_v48 = r14d;
                                                                                                                                                              				_v56 = _t126;
                                                                                                                                                              				r9d = _t58;
                                                                                                                                                              				E00007FF77FF78EC7EC04();
                                                                                                                                                              				if (_t87 != 0) goto 0x8ec754ca;
                                                                                                                                                              				 *((char*)(_t90 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t90 + 0x2c)) = 0x2a;
                                                                                                                                                              				goto 0x8ec753cf;
                                                                                                                                                              				return _t87;
                                                                                                                                                              			}






















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: e90f8ce5764a470f7ee9635705d620940d88810dc673939d3ef575fbcdedae18
                                                                                                                                                              • Instruction ID: 264bffaa3ac7070ae6641fcf4b4b2d150190ebb5a694112a2902172745d23fd3
                                                                                                                                                              • Opcode Fuzzy Hash: e90f8ce5764a470f7ee9635705d620940d88810dc673939d3ef575fbcdedae18
                                                                                                                                                              • Instruction Fuzzy Hash: 37115E62E1C64181EA60BFD9DC0027DE6A4BF8AB80FE44431EA8C57A86DF3DD840C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC856FC(intOrPtr* __rax, long long __rbx, long long _a8, intOrPtr _a40) {
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				if (_a40 != 0) goto 0x8ec85731;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				return 0x16;
                                                                                                                                                              			}




                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: c650bf575fa2f7bb189ae025094c64fb66ae43678ec3bfe28347eb49f4fdf436
                                                                                                                                                              • Instruction ID: 52bde30d70b15e3aaf8a8616ff7535cb95629c8af18bd3c11a9ad7ca5761bf98
                                                                                                                                                              • Opcode Fuzzy Hash: c650bf575fa2f7bb189ae025094c64fb66ae43678ec3bfe28347eb49f4fdf436
                                                                                                                                                              • Instruction Fuzzy Hash: FC21A432E28A4187D761AF58D540379B7A0FB84B94FB48234EA9D476D9DF7DD400CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __vcrt_initialize_locks__vcrt_initialize_winapi_thunks
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2444027679-0
                                                                                                                                                              • Opcode ID: a4e42398915c39ccef1db72222a49fe218e8e0b8209f178b9b8fd85da4116076
                                                                                                                                                              • Instruction ID: 4e08aea0149e5a922d316f7119861989d855752a72ea4c3a44e19b240e166a61
                                                                                                                                                              • Opcode Fuzzy Hash: a4e42398915c39ccef1db72222a49fe218e8e0b8209f178b9b8fd85da4116076
                                                                                                                                                              • Instruction Fuzzy Hash: B9118C21F9C76AD2FF618B64A1013B82391EF04BA1F5A4636D56D263C5DF6CE841C632
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC6E898(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, long long __r14, void* _a8, void* _a16, void* _a24, void* _a32, intOrPtr _a40) {
                                                                                                                                                              				intOrPtr* _t19;
                                                                                                                                                              				intOrPtr* _t31;
                                                                                                                                                              
                                                                                                                                                              				_t19 = _t31;
                                                                                                                                                              				 *((long long*)(_t19 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t19 + 0x10)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t19 + 0x18)) = __rdi;
                                                                                                                                                              				 *((long long*)(_t19 + 0x20)) = __r14;
                                                                                                                                                              				if (__r8 == 0) goto 0x8ec6e8f1;
                                                                                                                                                              				if (__r9 == 0) goto 0x8ec6e8f1;
                                                                                                                                                              				if (_a40 != 0) goto 0x8ec6e90e;
                                                                                                                                                              				if (__rdx == 0xffffffff) goto 0x8ec6e8e1;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				E00007FF77FF78EC75E08(_t19);
                                                                                                                                                              				 *_t19 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				return 0;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 7ebeecbcdb1d8057a2822b1a152219fbc768fe8e98c4c3a3d681a8446870843b
                                                                                                                                                              • Instruction ID: 040c8e4d0df4753fb26f9fa9a43831ad62c9745a7c6e4fb38730d4f9508f2a96
                                                                                                                                                              • Opcode Fuzzy Hash: 7ebeecbcdb1d8057a2822b1a152219fbc768fe8e98c4c3a3d681a8446870843b
                                                                                                                                                              • Instruction Fuzzy Hash: B101A121E0875145EA04BFDAD90006AE691BF99FE0FA88636EE5C17BE6DF3CE501C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                                              			E00007FF77FF78EC7E248(void* __eax, signed int __rcx, signed int __rdx) {
                                                                                                                                                              				intOrPtr* _t22;
                                                                                                                                                              				signed int _t29;
                                                                                                                                                              
                                                                                                                                                              				_t29 = __rdx;
                                                                                                                                                              				if (__rcx == 0) goto 0x8ec7e267;
                                                                                                                                                              				_t1 = _t29 - 0x20; // -32
                                                                                                                                                              				_t22 = _t1;
                                                                                                                                                              				if (_t22 - __rdx < 0) goto 0x8ec7e2aa;
                                                                                                                                                              				_t25 =  ==  ? _t22 : __rcx * __rdx;
                                                                                                                                                              				goto 0x8ec7e28e;
                                                                                                                                                              				if (E00007FF77FF78EC78F9C(1) == 0) goto 0x8ec7e2aa;
                                                                                                                                                              				if (E00007FF77FF78EC82A40(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x8ec7e2aa;
                                                                                                                                                              				RtlAllocateHeap(??, ??, ??); // executed
                                                                                                                                                              				if (_t22 == 0) goto 0x8ec7e279;
                                                                                                                                                              				goto 0x8ec7e2b7;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t22);
                                                                                                                                                              				 *_t22 = 0xc;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF78EC7AD46,?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA), ref: 00007FF78EC7E29D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: 0e1c66f5bdb0b3596c655908444cb66e6adca1508c0fe937eac4c5b3f6554faa
                                                                                                                                                              • Instruction ID: 331983316b894fa05db3ed7cb37fe83408365d3a053a841291b64b2db23f7411
                                                                                                                                                              • Opcode Fuzzy Hash: 0e1c66f5bdb0b3596c655908444cb66e6adca1508c0fe937eac4c5b3f6554faa
                                                                                                                                                              • Instruction Fuzzy Hash: D9F01452F0921249FE987AEAD9552B593817F89B80FE84538CD0E86292EF3CE480C230
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                                              			E00007FF77FF78EC7CFA0(void* __rcx) {
                                                                                                                                                              				intOrPtr* _t14;
                                                                                                                                                              
                                                                                                                                                              				if (__rcx - 0xffffffe0 > 0) goto 0x8ec7cfeb;
                                                                                                                                                              				_t16 =  ==  ? _t14 : __rcx;
                                                                                                                                                              				goto 0x8ec7cfd2;
                                                                                                                                                              				if (E00007FF77FF78EC78F9C(1) == 0) goto 0x8ec7cfeb;
                                                                                                                                                              				if (E00007FF77FF78EC82A40(_t14,  ==  ? _t14 : __rcx) == 0) goto 0x8ec7cfeb;
                                                                                                                                                              				RtlAllocateHeap(??, ??, ??); // executed
                                                                                                                                                              				if (_t14 == 0) goto 0x8ec7cfbd;
                                                                                                                                                              				goto 0x8ec7cff8;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t14);
                                                                                                                                                              				 *_t14 = 0xc;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF78EC77378,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FF78EC7CFDE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: 421352df23b8ccfc7cd24c307d24daf565dba5e50752b2c898e853f67429b997
                                                                                                                                                              • Instruction ID: d16db2e65b7b34e5dd18c51ba3450631079a0956ea18ace560a707a11713b333
                                                                                                                                                              • Opcode Fuzzy Hash: 421352df23b8ccfc7cd24c307d24daf565dba5e50752b2c898e853f67429b997
                                                                                                                                                              • Instruction Fuzzy Hash: ADF0F861E0920355FA687AEADD41BB992847F887A0FE80730DD2E862C1DF3CE491C634
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E00007FF77FF78EC66270(void* __rax, long long __rbx, void* __rcx, long long _a8) {
                                                                                                                                                              				void* _t4;
                                                                                                                                                              				struct HINSTANCE__* _t6;
                                                                                                                                                              				void* _t11;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				void* _t21;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              
                                                                                                                                                              				_t11 = __rax;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_t19 = __rcx;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC66D10(_t4, __rbx, __rcx, __rcx, _t21, _t25);
                                                                                                                                                              				_t2 = _t19 + 8; // 0x8, executed
                                                                                                                                                              				r8d = _t2;
                                                                                                                                                              				_t6 = LoadLibraryW(??); // executed
                                                                                                                                                              				return E00007FF77FF78EC73ED8(_t6, _t11, _t19, _t25);
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF78EC66D10: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC66D4A
                                                                                                                                                              • LoadLibraryW.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC66293
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2592636585-0
                                                                                                                                                              • Opcode ID: c9d2a7fb35bf8213c9ac79bfb1050d52de3453434e809e27b9fcf340cfd05fa1
                                                                                                                                                              • Instruction ID: c21ac5a31fe91fdf4eb55753274250d2745f0c34d984c9eb232ef97d052b6e3b
                                                                                                                                                              • Opcode Fuzzy Hash: c9d2a7fb35bf8213c9ac79bfb1050d52de3453434e809e27b9fcf340cfd05fa1
                                                                                                                                                              • Instruction Fuzzy Hash: 18E08612F1415542DA58A7ABE90647AE251FF48BC0BA89035DE1E47755DE3CD4918A00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 59%
                                                                                                                                                              			E00007FF77FF78EC658A0(void* __ecx, void* __fp0, long long __rbx, void* __rcx, void* __rdx, long long __rbp, void* __r8, void* __r9, intOrPtr _a8, long long _a24, long long _a32, void* _a48, char _a56, signed int _a8248) {
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* _t17;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				void* _t26;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				void* _t38;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				void* _t48;
                                                                                                                                                              				void* _t72;
                                                                                                                                                              				signed long long _t73;
                                                                                                                                                              				signed long long _t74;
                                                                                                                                                              				intOrPtr _t123;
                                                                                                                                                              				void* _t125;
                                                                                                                                                              				void* _t127;
                                                                                                                                                              				void* _t132;
                                                                                                                                                              				void* _t133;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              				void* _t136;
                                                                                                                                                              
                                                                                                                                                              				_t132 = __r9;
                                                                                                                                                              				_t75 = __rbx;
                                                                                                                                                              				_a24 = __rbx;
                                                                                                                                                              				_a32 = __rbp;
                                                                                                                                                              				E00007FF77FF78EC6A070(0x2060, _t72, _t133, _t134);
                                                                                                                                                              				_t73 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t74 = _t73 ^ _t127 - _t72;
                                                                                                                                                              				_a8248 = _t74;
                                                                                                                                                              				_t125 = __rdx;
                                                                                                                                                              				_t136 = __rcx;
                                                                                                                                                              				if (__rdx == 0) goto 0x8ec6592b;
                                                                                                                                                              				E00007FF77FF78EC65AB0(__ecx, "TMP");
                                                                                                                                                              				E00007FF77FF78EC655A0(__ecx, __rbx, _t125, _t125, __r8);
                                                                                                                                                              				if (_t74 == 0) goto 0x8ec659ff;
                                                                                                                                                              				_t17 = E00007FF77FF78EC76598(_t48, _t74, _t74);
                                                                                                                                                              				_t18 = E00007FF77FF78EC73ED8(_t17, _t74, _t74, __r8);
                                                                                                                                                              				if (_t17 == 0) goto 0x8ec65930;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t18, __ecx, __fp0, _t74, "LOADER: Failed to set the TMP environment variable.\n", _t74, __r8, _t132);
                                                                                                                                                              				goto 0x8ec65a88;
                                                                                                                                                              				_t123 = _a8;
                                                                                                                                                              				GetTempPathW(??, ??);
                                                                                                                                                              				r9d = GetCurrentProcessId();
                                                                                                                                                              				_t131 = L"_MEI%d";
                                                                                                                                                              				E00007FF77FF78EC66570(_t74, _t127 - _t72 + 0x28,  &_a56, L"_MEI%d", _t132);
                                                                                                                                                              				E00007FF77FF78EC7782C(_t132);
                                                                                                                                                              				if (E00007FF77FF78EC669C0(0x1000, __fp0, _t75, _t74, _t123) == 0) goto 0x8ec65a06;
                                                                                                                                                              				_t26 = E00007FF77FF78EC73ED8(_t25, _t74, _t127 - _t72 + 0x28, L"_MEI%d");
                                                                                                                                                              				if (1 - 5 < 0) goto 0x8ec65960;
                                                                                                                                                              				if (_t125 == 0) goto 0x8ec659ff;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t27 = E00007FF77FF78EC66D10(_t26, _t75, _t74, "TMP", _t123, L"_MEI%d");
                                                                                                                                                              				if (_t123 == 0) goto 0x8ec659e9;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t120 = _t74;
                                                                                                                                                              				E00007FF77FF78EC66D10(_t27, _t75, _t74, _t123, _t123, L"_MEI%d");
                                                                                                                                                              				E00007FF77FF78EC73ED8(E00007FF77FF78EC73ED8(E00007FF77FF78EC73ED8(E00007FF77FF78EC76598(1, _t74, _t74), _t74, _t74, L"_MEI%d"), _t74, _t74, L"_MEI%d"), _t123, _t74, L"_MEI%d");
                                                                                                                                                              				goto 0x8ec65a88;
                                                                                                                                                              				E00007FF77FF78EC73ED8(SetEnvironmentVariableW(??, ??), _t74, _t74, L"_MEI%d");
                                                                                                                                                              				goto 0x8ec65a88;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				_t38 = E00007FF77FF78EC73ED8(E00007FF77FF78EC66E20(0, __fp0, _t74, _t136, _t74, _t123, _t125, _t131), _t74, _t74, _t131);
                                                                                                                                                              				if (_t125 == 0) goto 0x8ec65a83;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t39 = E00007FF77FF78EC66D10(_t38, _t74, _t74, "TMP", _t123, _t131);
                                                                                                                                                              				if (_t123 == 0) goto 0x8ec65a6d;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				E00007FF77FF78EC66D10(_t39, _t74, _t120, _t123, _t123, _t131);
                                                                                                                                                              				E00007FF77FF78EC73ED8(E00007FF77FF78EC73ED8(E00007FF77FF78EC76598(1, _t74, _t74), _t74, _t74, _t131), _t74, _t74, _t131);
                                                                                                                                                              				goto 0x8ec65a7e;
                                                                                                                                                              				E00007FF77FF78EC73ED8(SetEnvironmentVariableW(??, ??), _t74, _t74, _t131);
                                                                                                                                                              				return E00007FF77FF78EC6A040(1, 0, _a8248 ^ _t127 - _t72);
                                                                                                                                                              			}






















                                                                                                                                                              APIs
                                                                                                                                                              • GetTempPathW.KERNEL32(?,00000000,?,00007FF78EC6586D), ref: 00007FF78EC6593A
                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00007FF78EC6586D), ref: 00007FF78EC65940
                                                                                                                                                                • Part of subcall function 00007FF78EC65AB0: GetEnvironmentVariableW.KERNEL32(00007FF78EC627F7,?,?,?,?,?,?), ref: 00007FF78EC65AEA
                                                                                                                                                                • Part of subcall function 00007FF78EC65AB0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC65B07
                                                                                                                                                                • Part of subcall function 00007FF78EC76598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC765B1
                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF78EC659F1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                                                                                                              • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                              • API String ID: 1556224225-1116378104
                                                                                                                                                              • Opcode ID: a147c7584c56215db1a33d10bfbc1739bc69d026164dce2e119fdba02b9de6dd
                                                                                                                                                              • Instruction ID: a6489672910f9cb5008ed841670378bd11940e1cbe6aeaec8f82d0bfd05733f7
                                                                                                                                                              • Opcode Fuzzy Hash: a147c7584c56215db1a33d10bfbc1739bc69d026164dce2e119fdba02b9de6dd
                                                                                                                                                              • Instruction Fuzzy Hash: 2E517D11F1965254FA55B7A6E9562BAD2417F49BC0FF44439EC0E477A6EF3CE402C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                              • Opcode ID: 4e9a0206b1a27c01ed3733c3d35c275feb3b96ef5b925715df7ca29a338a90a7
                                                                                                                                                              • Instruction ID: 765074e14a2644b7d95c9071c1906408f66537295ca08690121af71ef6074f95
                                                                                                                                                              • Opcode Fuzzy Hash: 4e9a0206b1a27c01ed3733c3d35c275feb3b96ef5b925715df7ca29a338a90a7
                                                                                                                                                              • Instruction Fuzzy Hash: 65313A72649A95C6EB60CF60E8903E97370FB88754F45443ADA4E57B94EF38D94CC720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                              • Opcode ID: e8cdbb987c13ff60472e0623c9c4020c60fb11b603f6bd6efae15d4dc6113c05
                                                                                                                                                              • Instruction ID: bfce6bb503155b6e320e9ed0674cbfa9385085883fbb6814a24f70b90606b3d4
                                                                                                                                                              • Opcode Fuzzy Hash: e8cdbb987c13ff60472e0623c9c4020c60fb11b603f6bd6efae15d4dc6113c05
                                                                                                                                                              • Instruction Fuzzy Hash: 7B314372A09B8185EB609FA0E8407EEB365FB84744F94443ADA4D47B95DF3CD548C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E00007FF77FF78EC79F80(void* __ecx, long long __rbx, void* __rcx, void* __rdx, long long __rsi) {
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				int _t38;
                                                                                                                                                              				intOrPtr _t48;
                                                                                                                                                              				signed long long _t60;
                                                                                                                                                              				long long _t63;
                                                                                                                                                              				_Unknown_base(*)()* _t84;
                                                                                                                                                              				void* _t88;
                                                                                                                                                              				void* _t89;
                                                                                                                                                              				void* _t91;
                                                                                                                                                              				signed long long _t92;
                                                                                                                                                              				struct _EXCEPTION_POINTERS* _t97;
                                                                                                                                                              
                                                                                                                                                              				 *((long long*)(_t91 + 0x10)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t91 + 0x18)) = __rsi;
                                                                                                                                                              				_t89 = _t91 - 0x4f0;
                                                                                                                                                              				_t92 = _t91 - 0x5f0;
                                                                                                                                                              				_t60 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				 *(_t89 + 0x4e0) = _t60 ^ _t92;
                                                                                                                                                              				if (__ecx == 0xffffffff) goto 0x8ec79fbf;
                                                                                                                                                              				E00007FF77FF78EC6A954(_t36);
                                                                                                                                                              				r8d = 0x98;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				r8d = 0x4d0;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				 *((long long*)(_t92 + 0x48)) = _t92 + 0x70;
                                                                                                                                                              				_t63 = _t89 + 0x10;
                                                                                                                                                              				 *((long long*)(_t92 + 0x50)) = _t63;
                                                                                                                                                              				__imp__RtlCaptureContext();
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				__imp__RtlLookupFunctionEntry();
                                                                                                                                                              				if (_t63 == 0) goto 0x8ec7a052;
                                                                                                                                                              				 *(_t92 + 0x38) =  *(_t92 + 0x38) & 0x00000000;
                                                                                                                                                              				 *((long long*)(_t92 + 0x30)) = _t92 + 0x58;
                                                                                                                                                              				 *((long long*)(_t92 + 0x28)) = _t92 + 0x60;
                                                                                                                                                              				 *((long long*)(_t92 + 0x20)) = _t89 + 0x10;
                                                                                                                                                              				__imp__RtlVirtualUnwind();
                                                                                                                                                              				 *((long long*)(_t89 + 0x108)) =  *((intOrPtr*)(_t89 + 0x508));
                                                                                                                                                              				 *((intOrPtr*)(_t92 + 0x70)) = _t48;
                                                                                                                                                              				 *((long long*)(_t89 + 0xa8)) = _t89 + 0x510;
                                                                                                                                                              				 *((long long*)(_t89 - 0x80)) =  *((intOrPtr*)(_t89 + 0x508));
                                                                                                                                                              				 *((intOrPtr*)(_t92 + 0x74)) = r8d;
                                                                                                                                                              				_t38 = IsDebuggerPresent();
                                                                                                                                                              				SetUnhandledExceptionFilter(_t84, _t88);
                                                                                                                                                              				if (UnhandledExceptionFilter(_t97) != 0) goto 0x8ec7a0b4;
                                                                                                                                                              				if (_t38 != 0) goto 0x8ec7a0b4;
                                                                                                                                                              				if (__ecx == 0xffffffff) goto 0x8ec7a0b4;
                                                                                                                                                              				return E00007FF77FF78EC6A040(E00007FF77FF78EC6A954(_t40), __ecx,  *(_t89 + 0x4e0) ^ _t92);
                                                                                                                                                              			}















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                              • Opcode ID: 38c404c70a445b1321690087ba332b2ca65edbc79732dc857bff3aa9857afa8a
                                                                                                                                                              • Instruction ID: d8323b4263796dc5ea02b750ed79c345528e5e2c2e36c7c5ba456bbb23c1d0ff
                                                                                                                                                              • Opcode Fuzzy Hash: 38c404c70a445b1321690087ba332b2ca65edbc79732dc857bff3aa9857afa8a
                                                                                                                                                              • Instruction Fuzzy Hash: 7B317232A18F8186DB60DF65E8402AEB3A4FB88754FA00535EE9D43BA5DF3CD555CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00007FF77FF78EC80D64(void* __ecx, void* __edx, void* __edi, long long __rbx, intOrPtr* __rcx, void** __rdx) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				void* __r15;
                                                                                                                                                              				void* _t59;
                                                                                                                                                              				void* _t68;
                                                                                                                                                              				signed int _t70;
                                                                                                                                                              				void* _t77;
                                                                                                                                                              				signed int _t97;
                                                                                                                                                              				void* _t102;
                                                                                                                                                              				void* _t112;
                                                                                                                                                              				void* _t116;
                                                                                                                                                              				signed long long _t143;
                                                                                                                                                              				signed long long _t144;
                                                                                                                                                              				intOrPtr _t145;
                                                                                                                                                              				signed short* _t146;
                                                                                                                                                              				intOrPtr* _t148;
                                                                                                                                                              				void* _t149;
                                                                                                                                                              				intOrPtr* _t157;
                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                              				intOrPtr* _t162;
                                                                                                                                                              				long long _t163;
                                                                                                                                                              				intOrPtr* _t164;
                                                                                                                                                              				intOrPtr* _t167;
                                                                                                                                                              				signed short* _t170;
                                                                                                                                                              				signed short* _t171;
                                                                                                                                                              				signed long long _t183;
                                                                                                                                                              				signed long long _t185;
                                                                                                                                                              				long long _t189;
                                                                                                                                                              				void** _t196;
                                                                                                                                                              				signed long long _t205;
                                                                                                                                                              				void* _t210;
                                                                                                                                                              				intOrPtr* _t214;
                                                                                                                                                              				intOrPtr* _t215;
                                                                                                                                                              				void* _t217;
                                                                                                                                                              				intOrPtr _t223;
                                                                                                                                                              				void* _t225;
                                                                                                                                                              				void* _t226;
                                                                                                                                                              				void* _t228;
                                                                                                                                                              				signed long long _t229;
                                                                                                                                                              				void* _t231;
                                                                                                                                                              				void* _t242;
                                                                                                                                                              				signed long long _t243;
                                                                                                                                                              				long long _t244;
                                                                                                                                                              				void* _t247;
                                                                                                                                                              				union _FINDEX_INFO_LEVELS _t252;
                                                                                                                                                              				signed short* _t253;
                                                                                                                                                              				signed long long _t257;
                                                                                                                                                              				intOrPtr* _t258;
                                                                                                                                                              				WCHAR* _t261;
                                                                                                                                                              				intOrPtr* _t262;
                                                                                                                                                              				signed long long _t263;
                                                                                                                                                              
                                                                                                                                                              				_t196 = __rdx;
                                                                                                                                                              				_t167 = __rcx;
                                                                                                                                                              				 *((long long*)(_t228 + 0x18)) = __rbx;
                                                                                                                                                              				_t226 = _t228 - 0x1c0;
                                                                                                                                                              				_t229 = _t228 - 0x2c0;
                                                                                                                                                              				_t143 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t144 = _t143 ^ _t229;
                                                                                                                                                              				 *(_t226 + 0x1b8) = _t144;
                                                                                                                                                              				r12d = 0;
                                                                                                                                                              				 *((long long*)(_t229 + 0x50)) = __rdx;
                                                                                                                                                              				_t262 = __rcx;
                                                                                                                                                              				if (__rdx != 0) goto 0x8ec80dbc;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t144);
                                                                                                                                                              				_t5 = _t242 + 0x16; // 0x16
                                                                                                                                                              				 *_t144 = _t5;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec81114;
                                                                                                                                                              				asm("xorps xmm0, xmm0");
                                                                                                                                                              				 *_t196 = _t242;
                                                                                                                                                              				_t145 =  *_t167;
                                                                                                                                                              				asm("movdqu [esp+0x30], xmm0");
                                                                                                                                                              				 *(_t229 + 0x40) = _t242;
                                                                                                                                                              				if (_t145 == 0) goto 0x8ec80fec;
                                                                                                                                                              				 *((intOrPtr*)(_t226 + 0x1b0)) = 0x3f002a;
                                                                                                                                                              				 *((intOrPtr*)(_t226 + 0x1b4)) = r12w;
                                                                                                                                                              				_t59 = E00007FF77FF78EC7EA20(_t5, _t145, _t226 + 0x1b0);
                                                                                                                                                              				_t253 =  *_t262;
                                                                                                                                                              				if (_t145 != 0) goto 0x8ec80e44;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t170 = _t253;
                                                                                                                                                              				if (E00007FF77FF78EC81154(_t59, _t102, 0x801, _t170, _t226 + 0x1b0,  *((intOrPtr*)(_t229 + 0x38)), _t231, _t229 + 0x30) != 0) goto 0x8ec80f95;
                                                                                                                                                              				goto 0x8ec80f89;
                                                                                                                                                              				if (_t145 == _t253) goto 0x8ec80e68;
                                                                                                                                                              				_t112 = ( *_t170 & 0x0000ffff) - 0x2f - 0x2d;
                                                                                                                                                              				if (_t112 > 0) goto 0x8ec80e5f;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t112 < 0) goto 0x8ec80e68;
                                                                                                                                                              				_t171 = _t170 - 2;
                                                                                                                                                              				if (_t171 != _t253) goto 0x8ec80e49;
                                                                                                                                                              				_t97 =  *_t171 & 0x0000ffff;
                                                                                                                                                              				if (_t97 != 0x3a) goto 0x8ec80e7a;
                                                                                                                                                              				_t146 =  &(_t253[1]);
                                                                                                                                                              				if (_t171 != _t146) goto 0x8ec80ec9;
                                                                                                                                                              				_t116 = _t97 - 0x2f - 0x2d;
                                                                                                                                                              				if (_t116 > 0) goto 0x8ec80e8f;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t116 < 0) goto 0x8ec80e92;
                                                                                                                                                              				 *((intOrPtr*)(_t229 + 0x28)) = r12d;
                                                                                                                                                              				 *(_t229 + 0x20) = _t242;
                                                                                                                                                              				asm("dec ebp");
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				_t68 = FindFirstFileExW(_t261, _t252, _t247);
                                                                                                                                                              				if (_t146 != 0xffffffff) goto 0x8ec80ef5;
                                                                                                                                                              				if (E00007FF77FF78EC81154(_t68, _t60, _t146, _t253, _t242,  *((intOrPtr*)(_t229 + 0x38)), _t242, _t229 + 0x30) != 0) goto 0x8ec80fc4;
                                                                                                                                                              				goto 0x8ec80f89;
                                                                                                                                                              				_t243 =  *((intOrPtr*)(_t229 + 0x38)) -  *((intOrPtr*)(_t229 + 0x30)) >> 3;
                                                                                                                                                              				if ( *((short*)(_t226 - 0x74)) != 0x2e) goto 0x8ec80f1d;
                                                                                                                                                              				_t70 =  *(_t226 - 0x72) & 0x0000ffff;
                                                                                                                                                              				if (_t70 == 0) goto 0x8ec80f3b;
                                                                                                                                                              				if (_t70 != 0x2e) goto 0x8ec80f1d;
                                                                                                                                                              				if ( *((intOrPtr*)(_t226 - 0x70)) == 0) goto 0x8ec80f3b;
                                                                                                                                                              				if (E00007FF77FF78EC81154(_t70, _t69, _t146, _t226 - 0x74, _t253,  *((intOrPtr*)(_t229 + 0x38)) -  *((intOrPtr*)(_t229 + 0x30)) >> 3, _t247 & (_t171 - _t253 >> 0x00000001) + 0x00000001, _t229 + 0x30) != 0) goto 0x8ec80fbb;
                                                                                                                                                              				if (FindNextFileW(_t242) != 0) goto 0x8ec80f01;
                                                                                                                                                              				_t223 =  *((intOrPtr*)(_t229 + 0x38));
                                                                                                                                                              				_t214 =  *((intOrPtr*)(_t229 + 0x30));
                                                                                                                                                              				if (_t243 == _t223 - _t214 >> 3) goto 0x8ec80f7d;
                                                                                                                                                              				_t33 =  &(_t146[4]); // 0x8
                                                                                                                                                              				r8d = _t33;
                                                                                                                                                              				E00007FF77FF78EC86760(__ecx, _t146, _t214 + _t243 * 8, (_t223 - _t214 >> 3) - _t243, _t214, _t223, _t226, _t247 & (_t171 - _t253 >> 0x00000001) + 0x00000001, 0x7ff78ec80d50, _t262);
                                                                                                                                                              				FindClose(_t210);
                                                                                                                                                              				r12d = 0;
                                                                                                                                                              				_t263 = _t262 + 8;
                                                                                                                                                              				goto 0x8ec80dda;
                                                                                                                                                              				_t157 = _t214;
                                                                                                                                                              				if (_t214 ==  *((intOrPtr*)(_t229 + 0x38))) goto 0x8ec81067;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( *_t263,  *_t157);
                                                                                                                                                              				if (_t157 + 8 !=  *((intOrPtr*)(_t229 + 0x38))) goto 0x8ec80fa3;
                                                                                                                                                              				goto 0x8ec81067;
                                                                                                                                                              				FindClose(_t217);
                                                                                                                                                              				_t215 =  *((intOrPtr*)(_t229 + 0x30));
                                                                                                                                                              				_t159 = _t215;
                                                                                                                                                              				if (_t215 ==  *((intOrPtr*)(_t229 + 0x38))) goto 0x8ec81067;
                                                                                                                                                              				_t183 =  *_t159;
                                                                                                                                                              				_t77 = E00007FF77FF78EC7A2B8( *_t263, _t183);
                                                                                                                                                              				if (_t159 + 8 !=  *((intOrPtr*)(_t229 + 0x38))) goto 0x8ec80fd7;
                                                                                                                                                              				goto 0x8ec81067;
                                                                                                                                                              				_t205 = _t243;
                                                                                                                                                              				 *(_t229 + 0x48) = _t205;
                                                                                                                                                              				_t148 = _t215;
                                                                                                                                                              				_t257 = (_t223 - _t215 >> 3) + 1;
                                                                                                                                                              				if (_t215 == _t223) goto 0x8ec8102e;
                                                                                                                                                              				_t185 = (_t183 | 0xffffffff) + 1;
                                                                                                                                                              				if ( *((intOrPtr*)( *_t148 + _t185 * 2)) != r12w) goto 0x8ec81010;
                                                                                                                                                              				_t149 = _t148 + 8;
                                                                                                                                                              				if (_t149 != _t223) goto 0x8ec81009;
                                                                                                                                                              				 *(_t229 + 0x48) = _t205 + 1 + _t185;
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				E00007FF77FF78EC782B4(_t77, _t257, _t205 + 1 + _t185, _t247 & (_t171 - _t253 >> 0x00000001) + 0x00000001);
                                                                                                                                                              				if (_t149 != 0) goto 0x8ec81076;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t149, _t257);
                                                                                                                                                              				_t162 = _t215;
                                                                                                                                                              				if (_t215 == _t223) goto 0x8ec81064;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t149,  *_t162);
                                                                                                                                                              				_t163 = _t162 + 8;
                                                                                                                                                              				if (_t163 != _t223) goto 0x8ec81053;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t149, _t215);
                                                                                                                                                              				goto 0x8ec81114;
                                                                                                                                                              				_t189 = _t149 + _t257 * 8;
                                                                                                                                                              				_t258 = _t215;
                                                                                                                                                              				 *((long long*)(_t226 + 0x1b0)) = _t189;
                                                                                                                                                              				_t244 = _t189;
                                                                                                                                                              				if (_t215 == _t223) goto 0x8ec810e2;
                                                                                                                                                              				if ( *((intOrPtr*)( *_t258 + ((_t263 | 0xffffffff) + 1) * 2)) != 0) goto 0x8ec8109b;
                                                                                                                                                              				if (E00007FF77FF78EC80C50(_t5, _t244 - _t189 >> 1, _t163, _t244,  *(_t229 + 0x48) - (_t244 - _t189 >> 1), _t223, _t226,  *_t258, (_t263 | 0xffffffff) + 2, _t225) != 0) goto 0x8ec8113e;
                                                                                                                                                              				 *((long long*)(_t258 + _t163 - _t215)) = _t244;
                                                                                                                                                              				if (_t258 + 8 != _t223) goto 0x8ec81092;
                                                                                                                                                              				 *((long long*)( *((intOrPtr*)(_t229 + 0x50)))) = _t163;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( *((intOrPtr*)(_t229 + 0x50)),  *((intOrPtr*)(_t226 + 0x1b0)));
                                                                                                                                                              				_t164 = _t215;
                                                                                                                                                              				if (_t215 == _t223) goto 0x8ec8110a;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( *((intOrPtr*)(_t229 + 0x50)),  *_t164);
                                                                                                                                                              				if (_t164 + 8 != _t223) goto 0x8ec810f9;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( *((intOrPtr*)(_t229 + 0x50)), _t215);
                                                                                                                                                              				return E00007FF77FF78EC6A040(0, 0,  *(_t226 + 0x1b8) ^ _t229);
                                                                                                                                                              			}























































                                                                                                                                                              0x7ff78ec81084
                                                                                                                                                              0x7ff78ec8108a
                                                                                                                                                              0x7ff78ec810a3
                                                                                                                                                              0x7ff78ec810c8
                                                                                                                                                              0x7ff78ec810d1
                                                                                                                                                              0x7ff78ec810e0
                                                                                                                                                              0x7ff78ec810e9
                                                                                                                                                              0x7ff78ec810ec
                                                                                                                                                              0x7ff78ec810f1
                                                                                                                                                              0x7ff78ec810f7
                                                                                                                                                              0x7ff78ec810fc
                                                                                                                                                              0x7ff78ec81108
                                                                                                                                                              0x7ff78ec8110d
                                                                                                                                                              0x7ff78ec8113d

APIs
Memory Dump Source
• Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2227656907-0
                                                                                                                                                              • Opcode ID: 0c48b8bdb1da336f58947a95365a87f66a9726a7ed0602d53614e00640e6892e
                                                                                                                                                              • Instruction ID: 17f670cfbbd02f1e7232cb5f2cccb4514b1e543fd2ebc7e93a1560b7c307e4d5
                                                                                                                                                              • Opcode Fuzzy Hash: 0c48b8bdb1da336f58947a95365a87f66a9726a7ed0602d53614e00640e6892e
                                                                                                                                                              • Instruction Fuzzy Hash: 67B1D822F186A241FA60ABA5DA111BAE390FB45BE4FE45135EE5D47BC5DF3CE841C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                              			E00007FF77FF78EC82D40(void* __eax, void* __ebx, signed int __ecx, void* __edi, void* __ebp, signed int* __rcx, unsigned int __rdx, signed int __r9, void* __r10, long long __r13) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* _t133;
                                                                                                                                                              				signed int _t149;
                                                                                                                                                              				intOrPtr _t163;
                                                                                                                                                              				signed int _t165;
                                                                                                                                                              				intOrPtr _t166;
                                                                                                                                                              				signed int _t182;
                                                                                                                                                              				signed int _t193;
                                                                                                                                                              				signed int _t194;
                                                                                                                                                              				signed int _t217;
                                                                                                                                                              				void* _t234;
                                                                                                                                                              				signed long long _t245;
                                                                                                                                                              				signed int _t248;
                                                                                                                                                              				void* _t256;
                                                                                                                                                              				signed int* _t260;
                                                                                                                                                              				intOrPtr* _t267;
                                                                                                                                                              				signed long long _t272;
                                                                                                                                                              				signed long long _t274;
                                                                                                                                                              				signed long long _t276;
                                                                                                                                                              				signed long long _t278;
                                                                                                                                                              				signed long long _t283;
                                                                                                                                                              				signed long long _t288;
                                                                                                                                                              				void* _t290;
                                                                                                                                                              				void* _t291;
                                                                                                                                                              				void* _t295;
                                                                                                                                                              				signed int _t298;
                                                                                                                                                              				signed long long _t299;
                                                                                                                                                              				signed long long _t307;
                                                                                                                                                              				signed long long _t308;
                                                                                                                                                              				void* _t316;
                                                                                                                                                              				signed long long _t340;
                                                                                                                                                              
                                                                                                                                                              				 *((long long*)(_t290 + 0x10)) = __rdx;
                                                                                                                                                              				_push(_t256);
                                                                                                                                                              				_push(_t288);
                                                                                                                                                              				_push(_t340);
                                                                                                                                                              				_t291 = _t290 - 0x230;
                                                                                                                                                              				r10d =  *__rcx;
                                                                                                                                                              				if (r10d == 0) goto 0x8ec831b5;
                                                                                                                                                              				_t163 =  *__rdx;
                                                                                                                                                              				 *((intOrPtr*)(_t291 + 0x20)) = _t163;
                                                                                                                                                              				if (_t163 == 0) goto 0x8ec831b5;
                                                                                                                                                              				r10d = r10d - 1;
                                                                                                                                                              				if (_t256 - 1 != 0) goto 0x8ec82e71;
                                                                                                                                                              				r12d =  *(__rdx + 4);
                                                                                                                                                              				if (r12d != 1) goto 0x8ec82db6;
                                                                                                                                                              				_t260 =  &(__rcx[1]);
                                                                                                                                                              				 *__rcx = 0;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				 *((intOrPtr*)(_t291 + 0x50)) = 0;
                                                                                                                                                              				E00007FF77FF78EC8440C(__ecx, _t256, _t260, __rdx, __rcx, _t291 + 0x54, __r9);
                                                                                                                                                              				goto 0x8ec831b7;
                                                                                                                                                              				if (r10d != 0) goto 0x8ec82df1;
                                                                                                                                                              				_t165 = _t260[1];
                                                                                                                                                              				 *_t260 = 0;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				 *((intOrPtr*)(_t291 + 0x50)) = 0;
                                                                                                                                                              				E00007FF77FF78EC8440C(__ecx, _t256,  &(_t260[1]), __rdx, __rcx, _t291 + 0x54, __r9);
                                                                                                                                                              				_t182 = _t165 % r12d;
                                                                                                                                                              				__rcx[1] = _t182;
                                                                                                                                                              				bpl = _t182 != 0;
                                                                                                                                                              				 *__rcx = 0;
                                                                                                                                                              				goto 0x8ec831b7;
                                                                                                                                                              				r15d = 0xffffffff;
                                                                                                                                                              				if (r10d == r15d) goto 0x8ec82e35;
                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                              				r10d = r10d + r15d;
                                                                                                                                                              				if (r10d != r15d) goto 0x8ec82e10;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				 *((intOrPtr*)(_t291 + 0x50)) = 0;
                                                                                                                                                              				_t295 = _t291 + 0x54;
                                                                                                                                                              				 *__rcx = 0;
                                                                                                                                                              				_t133 = E00007FF77FF78EC8440C(__ecx, _t256,  &(__rcx[1]), __rdx, __rcx, _t295, __r9);
                                                                                                                                                              				__rcx[1] = r14d;
                                                                                                                                                              				__rcx[2] = __ecx;
                                                                                                                                                              				bpl = __ecx != 0;
                                                                                                                                                              				 *__rcx = 1;
                                                                                                                                                              				goto 0x8ec831b7;
                                                                                                                                                              				if (_t133 - r10d > 0) goto 0x8ec831b5;
                                                                                                                                                              				r8d = r10d;
                                                                                                                                                              				_t274 = r10d;
                                                                                                                                                              				r8d = r8d - _t133;
                                                                                                                                                              				r9d = r10d;
                                                                                                                                                              				_t283 = r8d;
                                                                                                                                                              				if (_t274 - _t283 < 0) goto 0x8ec82ed7;
                                                                                                                                                              				_t267 = (__rdx >> 0x20) + 4 + _t274 * 4;
                                                                                                                                                              				if ( *((intOrPtr*)(__rdx - _t283 * 4 - __rcx + _t267)) !=  *_t267) goto 0x8ec82ec0;
                                                                                                                                                              				r9d = r9d - 1;
                                                                                                                                                              				if (_t274 - 1 - _t283 >= 0) goto 0x8ec82ea7;
                                                                                                                                                              				goto 0x8ec82ed7;
                                                                                                                                                              				_t276 = r9d - r8d;
                                                                                                                                                              				_t245 = r9d;
                                                                                                                                                              				if ( *((intOrPtr*)(__rdx + 4 + _t276 * 4)) -  *(__rcx + 4 + _t245 * 4) >= 0) goto 0x8ec82eda;
                                                                                                                                                              				r8d = r8d + 1;
                                                                                                                                                              				_t217 = r8d;
                                                                                                                                                              				if (_t217 == 0) goto 0x8ec831b5;
                                                                                                                                                              				r9d =  *(__rdx + 4 + _t245 * 4);
                                                                                                                                                              				r11d =  *(__rdx + 4 + _t245 * 4);
                                                                                                                                                              				asm("inc ecx");
                                                                                                                                                              				 *(_t291 + 0x280) = r11d;
                                                                                                                                                              				if (_t217 == 0) goto 0x8ec82f21;
                                                                                                                                                              				r12d = 0x20;
                                                                                                                                                              				r12d = r12d - 0x1f;
                                                                                                                                                              				 *(_t291 + 0x270) = r12d;
                                                                                                                                                              				if (0x1f - _t256 - 2 == 0) goto 0x8ec82f6d;
                                                                                                                                                              				goto 0x8ec82f30;
                                                                                                                                                              				 *(_t291 + 0x270) = 0;
                                                                                                                                                              				r12d = 0;
                                                                                                                                                              				r9d = r11d >> r12d;
                                                                                                                                                              				r11d = r11d << 0x20;
                                                                                                                                                              				r9d = r9d | r9d << 0x00000020;
                                                                                                                                                              				 *(_t291 + 0x280) = r11d;
                                                                                                                                                              				if (_t165 - 2 <= 0) goto 0x8ec82f6d;
                                                                                                                                                              				r11d = r11d |  *(__rdx + 4 + _t245 * 4) >> r12d;
                                                                                                                                                              				 *(_t291 + 0x280) = r11d;
                                                                                                                                                              				r14d = _t295 - 1;
                                                                                                                                                              				 *(_t291 + 0x38) = _t288;
                                                                                                                                                              				if (r14d < 0) goto 0x8ec8317e;
                                                                                                                                                              				r15d = 0xffffffff;
                                                                                                                                                              				 *((long long*)(_t291 + 0x228)) = __r13;
                                                                                                                                                              				r13d = __rdx + _t256;
                                                                                                                                                              				 *(_t291 + 0x40) = _t245;
                                                                                                                                                              				 *(_t291 + 0x30) = __r9;
                                                                                                                                                              				if (r13d - r10d > 0) goto 0x8ec82fad;
                                                                                                                                                              				goto 0x8ec82faf;
                                                                                                                                                              				 *((intOrPtr*)(_t291 + 0x288)) = 0;
                                                                                                                                                              				r11d =  *(__rcx + 4 + _t245 * 4);
                                                                                                                                                              				 *(_t291 + 0x28) = _t267 - 4;
                                                                                                                                                              				 *((intOrPtr*)(_t291 + 0x2c)) = 0;
                                                                                                                                                              				if (0x20 == 0) goto 0x8ec83007;
                                                                                                                                                              				r8d = r11d;
                                                                                                                                                              				r11d = r11d << 0x20;
                                                                                                                                                              				if (r13d - 3 < 0) goto 0x8ec8300c;
                                                                                                                                                              				_t149 =  *(__rcx + 4 + ( *(_t291 + 0x28) << 0x20) * 4) >> r12d;
                                                                                                                                                              				r11d = r11d | _t149;
                                                                                                                                                              				goto 0x8ec8300c;
                                                                                                                                                              				_t298 =  *(_t291 + 0x28);
                                                                                                                                                              				_t248 = _t298;
                                                                                                                                                              				r8d = _t149 % __r9;
                                                                                                                                                              				if (_t248 - _t340 <= 0) goto 0x8ec83038;
                                                                                                                                                              				_t307 = _t340;
                                                                                                                                                              				_t299 = _t298 + 0x1;
                                                                                                                                                              				if (_t299 - _t340 > 0) goto 0x8ec83071;
                                                                                                                                                              				_t272 = _t299 << 0x00000020 | _t288;
                                                                                                                                                              				if (0x1 - _t272 <= 0) goto 0x8ec8306d;
                                                                                                                                                              				_t308 = _t307 - 1;
                                                                                                                                                              				if (_t299 +  *(_t291 + 0x30) - _t340 <= 0) goto 0x8ec83050;
                                                                                                                                                              				_t166 =  *((intOrPtr*)(_t291 + 0x20));
                                                                                                                                                              				if (_t308 == 0) goto 0x8ec83150;
                                                                                                                                                              				r11d = 0;
                                                                                                                                                              				if (_t166 == 0) goto 0x8ec830f3;
                                                                                                                                                              				r15d =  *(_t291 + 0x270);
                                                                                                                                                              				r8d = r10d;
                                                                                                                                                              				_t316 =  >=  ? _t288 + 0x1 >> 0x20 : (_t288 + 0x1 >> 0x20) + 1;
                                                                                                                                                              				r11d = r11d + 1;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 4 + _t272 * 4)) = __rcx[0xffffffff00000002] - r8d;
                                                                                                                                                              				if (r11d - _t166 < 0) goto 0x8ec830a0;
                                                                                                                                                              				 *(_t291 + 0x270) = r15d;
                                                                                                                                                              				r15d = 0xffffffff;
                                                                                                                                                              				r12d =  *(_t291 + 0x270);
                                                                                                                                                              				if (0x1 - _t316 >= 0) goto 0x8ec8314c;
                                                                                                                                                              				r10d = 0;
                                                                                                                                                              				if (_t166 == 0) goto 0x8ec83149;
                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                              				r10d = r10d + 1;
                                                                                                                                                              				_t278 =  &(__rcx[0xffffffff00000001]);
                                                                                                                                                              				 *(_t278 + 4) = r8d;
                                                                                                                                                              				_t234 = r10d - _t166;
                                                                                                                                                              				if (_t234 < 0) goto 0x8ec83120;
                                                                                                                                                              				r10d = __r13 - 1;
                                                                                                                                                              				r13d = r13d - 1;
                                                                                                                                                              				r14d = r14d - 1;
                                                                                                                                                              				 *(_t291 + 0x38) = ( *(_t291 + 0x38) << 0x20) + 0x1;
                                                                                                                                                              				if (_t234 >= 0) goto 0x8ec82fa1;
                                                                                                                                                              				_t193 = _t316 + 1;
                                                                                                                                                              				if (_t193 -  *__rcx >= 0) goto 0x8ec8319c;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 4 + ((0x1 + _t248) *  *(_t291 + 0x30) * _t307 - _t276) * _t308 * 4)) = 0;
                                                                                                                                                              				if (_t193 + 1 -  *__rcx < 0) goto 0x8ec83190;
                                                                                                                                                              				 *__rcx = _t193;
                                                                                                                                                              				if (_t193 == 0) goto 0x8ec831b0;
                                                                                                                                                              				_t194 = _t193 - 1;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 4 + _t278 * 4)) != 0) goto 0x8ec831b0;
                                                                                                                                                              				 *__rcx = _t194;
                                                                                                                                                              				if (_t194 != 0) goto 0x8ec831a2;
                                                                                                                                                              				goto 0x8ec831b7;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}



































                                                                                                                                                              0x7ff78ec830d1
                                                                                                                                                              0x7ff78ec830d4
                                                                                                                                                              0x7ff78ec830db
                                                                                                                                                              0x7ff78ec830dd
                                                                                                                                                              0x7ff78ec830e5
                                                                                                                                                              0x7ff78ec830eb
                                                                                                                                                              0x7ff78ec830fd
                                                                                                                                                              0x7ff78ec830ff
                                                                                                                                                              0x7ff78ec83104
                                                                                                                                                              0x7ff78ec83115
                                                                                                                                                              0x7ff78ec83124
                                                                                                                                                              0x7ff78ec8312b
                                                                                                                                                              0x7ff78ec8313c
                                                                                                                                                              0x7ff78ec83144
                                                                                                                                                              0x7ff78ec83147
                                                                                                                                                              0x7ff78ec8314c
                                                                                                                                                              0x7ff78ec83155
                                                                                                                                                              0x7ff78ec83167
                                                                                                                                                              0x7ff78ec8316b
                                                                                                                                                              0x7ff78ec83170
                                                                                                                                                              0x7ff78ec8317e
                                                                                                                                                              0x7ff78ec83186
                                                                                                                                                              0x7ff78ec83194
                                                                                                                                                              0x7ff78ec8319a
                                                                                                                                                              0x7ff78ec8319c
                                                                                                                                                              0x7ff78ec831a0
                                                                                                                                                              0x7ff78ec831a2
                                                                                                                                                              0x7ff78ec831a8
                                                                                                                                                              0x7ff78ec831aa
                                                                                                                                                              0x7ff78ec831ae
                                                                                                                                                              0x7ff78ec831b3
                                                                                                                                                              0x7ff78ec831c8

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1502251526-3916222277
                                                                                                                                                              • Opcode ID: cde1b8b2f6d1160984fe15dbaba42dea7d5925037cfa26e03551a8a86da9f649
                                                                                                                                                              • Instruction ID: f60bbfca0e8452560c1bd1166d638861c3d7caaaf45cd0dfd9dc483363cc3c27
                                                                                                                                                              • Opcode Fuzzy Hash: cde1b8b2f6d1160984fe15dbaba42dea7d5925037cfa26e03551a8a86da9f649
                                                                                                                                                              • Instruction Fuzzy Hash: BDC11972F1829687D724DF99E248A6AF791F788B84F949135DF4A43B84DB3CE805CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,00007FFC60F61679), ref: 00007FFC60F7D65F
                                                                                                                                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,00007FFC60F61679), ref: 00007FFC60FB5F8C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressInfoLocaleProc
                                                                                                                                                              • String ID: GetLocaleInfoEx$IsValidLocaleName
                                                                                                                                                              • API String ID: 2353564440-3594675595
                                                                                                                                                              • Opcode ID: 3d67c95f89377f80dc67d7afe21c7dc6fd59030b2bd6784bef41434d6fe2efc1
                                                                                                                                                              • Instruction ID: 8d4719da1551843eb8f5b0bf5e5d5b04da6fe6e811c253473e45bdbab00d9d34
                                                                                                                                                              • Opcode Fuzzy Hash: 3d67c95f89377f80dc67d7afe21c7dc6fd59030b2bd6784bef41434d6fe2efc1
                                                                                                                                                              • Instruction Fuzzy Hash: 6131EB21B4CA2AC2FB048B56B8005B563A0AF88FE5F494435DD1D67398EE3CE801C361
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00007FFC60F61718), ref: 00007FFC60FCD31C
                                                                                                                                                              • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,00000000,?,00007FFC60F61718), ref: 00007FFC60FCD355
                                                                                                                                                              • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00007FFC60F61718), ref: 00007FFC60FCD376
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalSection$EnterEnumLeaveLocalesSystem
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2886288447-0
                                                                                                                                                              • Opcode ID: 38c71085e82ae7786b4cb33ebf5ae7edfef5d039e048a421b31bd6e5d3cf52f9
                                                                                                                                                              • Instruction ID: fd2a57cda08d23d7bb61a6d4baac0eb589e995a4f88520e04c32375fccc715bc
                                                                                                                                                              • Opcode Fuzzy Hash: 38c71085e82ae7786b4cb33ebf5ae7edfef5d039e048a421b31bd6e5d3cf52f9
                                                                                                                                                              • Instruction Fuzzy Hash: 6E113532A08A5AC2EF00CF19F8901A97325FB98F8AF845132DA4E83368DF3CD655C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFC60F72900: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFC60FD2861), ref: 00007FFC60F7290A
                                                                                                                                                                • Part of subcall function 00007FFC60F72900: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFC60FD2861), ref: 00007FFC60F72950
                                                                                                                                                              • GetPrimaryLen.LIBCMT ref: 00007FFC60FCF43D
                                                                                                                                                              • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,00000040,00007FFC60FCFBF3,?,?,?,00000000,?,00000092,?,?,?,00007FFC60FB2084), ref: 00007FFC60FCF452
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$EnumLocalesPrimarySystem
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1794546269-0
                                                                                                                                                              • Opcode ID: 673be9be1899655fd0f1502e737552d3ef5fc48f47595e0e578b0b5e2ad3a46a
                                                                                                                                                              • Instruction ID: d7d734d77b425bdc16f8ec450f5ebada16f6795070cd39662142ecca81e61129
                                                                                                                                                              • Opcode Fuzzy Hash: 673be9be1899655fd0f1502e737552d3ef5fc48f47595e0e578b0b5e2ad3a46a
                                                                                                                                                              • Instruction Fuzzy Hash: 98113663A8C688C7EB84CF25E4411AE77A1EB80BE0F158235D71D473D4DE38D585C712
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFC60F72900: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFC60FD2861), ref: 00007FFC60F7290A
                                                                                                                                                                • Part of subcall function 00007FFC60F72900: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFC60FD2861), ref: 00007FFC60F72950
                                                                                                                                                              • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,00000002,00007FFC60FCFC17,?,?,?,00000000,?,00000092,?,?,?,00007FFC60FB2084), ref: 00007FFC60FCF3B3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                                              • Opcode ID: 42fa82f3de2ab80ec0cd7c09b23062035a529d418322d0db4325bc66b7f1d5e7
                                                                                                                                                              • Instruction ID: c06b6b15ffea8bb03b718fa3e56dfc4c0ce28e78e937f52482c1aa60d277da28
                                                                                                                                                              • Opcode Fuzzy Hash: 42fa82f3de2ab80ec0cd7c09b23062035a529d418322d0db4325bc66b7f1d5e7
                                                                                                                                                              • Instruction Fuzzy Hash: 8AF0B462A4C79982EB505B65E4413A9A7A1EB40BF0F058231D63C833D5CE7CC584C202
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 44%
                                                                                                                                                              			E00007FF77FF78EC62F00(void* __ebx, void* __ecx, long long __rax, struct HINSTANCE__* __rbx, void* __rcx, void* __rdx, void* __rdi, void* _a8) {
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              
                                                                                                                                                              				GetProcAddress(__rbx);
                                                                                                                                                              				 *0x8ec9dca8 = __rax;
                                                                                                                                                              				if (__rax != 0) goto 0x8ec62f4b;
                                                                                                                                                              				E00007FF77FF78EC61CB0("GetProcAddress", "Failed to get address for Py_DontWriteBytecodeFlag\n", _t24, _t25);
                                                                                                                                                              				return 0xffffffff;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62F16
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62F55
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62F7A
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62F9F
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62FC7
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC62FEF
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC63017
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC6303F
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF78EC622BE,?,?,?,?), ref: 00007FF78EC63067
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressProc
                                                                                                                                                              • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to 
get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                              • API String ID: 190572456-3109299426
                                                                                                                                                              • Opcode ID: 6dac1c92e6f7fbc275b6c3ad7bc64d4d5fe1c3f7fabe1334cf705fcdd83ef4fe
                                                                                                                                                              • Instruction ID: d4fadd5457441769856bb77ccc97dc0262a33a176bb1dec9532fd24c45baa731
                                                                                                                                                              • Opcode Fuzzy Hash: 6dac1c92e6f7fbc275b6c3ad7bc64d4d5fe1c3f7fabe1334cf705fcdd83ef4fe
                                                                                                                                                              • Instruction Fuzzy Hash: 6442B164E0EB2791EA99BB88FA501B5E7A1BF45781FF45139C80E06369FF7CE504D220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                                              			E00007FF77FF78EC64710(long long __rax, void* __rcx) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t6;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				long long _t13;
                                                                                                                                                              				void* _t14;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              
                                                                                                                                                              				_t13 = __rax;
                                                                                                                                                              				_t14 = __rcx;
                                                                                                                                                              				E00007FF77FF78EC66270(__rax, __rcx, __rcx + 0x10);
                                                                                                                                                              				 *((long long*)(_t14 + 0x4048)) = _t13;
                                                                                                                                                              				_t6 = E00007FF77FF78EC66270(_t13, _t14, _t14 + 0x1010);
                                                                                                                                                              				 *((long long*)(_t14 + 0x4050)) = _t13;
                                                                                                                                                              				if ( *((intOrPtr*)(_t14 + 0x4048)) == 0) goto 0x8ec6475a;
                                                                                                                                                              				if (_t13 == 0) goto 0x8ec6475a;
                                                                                                                                                              				goto 0x8ec65090;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t6, _t9, _t12, _t13, "LOADER: Failed to load tcl/tk libraries\n", _t13, _t24, _t25);
                                                                                                                                                              				return 0xffffffff;
                                                                                                                                                              			}












                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                                              • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk 
libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                              • API String ID: 2238633743-1453502826
                                                                                                                                                              • Opcode ID: a506fdc0660a5dbade20c8d274f5fa4c47ad64839dd502c133d8d3548082650f
                                                                                                                                                              • Instruction ID: f929e91842bc1ee89ba81835d57226143d70d80135a2e38d87825ba6f7948a64
                                                                                                                                                              • Opcode Fuzzy Hash: a506fdc0660a5dbade20c8d274f5fa4c47ad64839dd502c133d8d3548082650f
                                                                                                                                                              • Instruction Fuzzy Hash: AFE1D3A0E0DB13A0EE58EB85F950679A3A1BF05781FF46939C81E06364EF7CE548D321
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Name::operator+Name::operator+=$Decorator::getName$Name::Name::operator=$Name::doPchar$DimensionSigned$DataDecoratedEncodingStringSymbolType
                                                                                                                                                              • String ID: `anonymous namespace'$`string'$operator
                                                                                                                                                              • API String ID: 2020783597-815891235
                                                                                                                                                              • Opcode ID: d2ab21432e8f2a8809b115bdb0fd4948e43d635353f358b1e98a5d3f26d501a5
                                                                                                                                                              • Instruction ID: 0091eb37beabd05801e95bbb4c9caa80348c5a0f622216011e32b803f310adc9
                                                                                                                                                              • Opcode Fuzzy Hash: d2ab21432e8f2a8809b115bdb0fd4948e43d635353f358b1e98a5d3f26d501a5
                                                                                                                                                              • Instruction Fuzzy Hash: F2226E61E5CA7AD8EB14DB68D8522FD3771BB04B88F564032DA0E27799DF2CE445C322
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Name::operator=$Name::operator+Name::operator+=$Decorator::getNameName::Type$DataName::doPchar
                                                                                                                                                              • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $bool$char$char16_t$char32_t$const$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
                                                                                                                                                              • API String ID: 1480303775-3737837666
                                                                                                                                                              • Opcode ID: 98600e0f02437c323d5596bfd4853c04388376c0f65e739e1899551412cd3cea
                                                                                                                                                              • Instruction ID: 3ca07625238b41585379d8fb56b3d79031c460f2ba82a1028b6e6aa858d6a6a7
                                                                                                                                                              • Opcode Fuzzy Hash: 98600e0f02437c323d5596bfd4853c04388376c0f65e739e1899551412cd3cea
                                                                                                                                                              • Instruction Fuzzy Hash: B9D14975E5CA7AD9FB20DB58D8822BC23A0BB04B94F964532E90D66794DF3CE544C322
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                              			E00007FFC7FFC60881EAC(void* __eax, long long __rax, long long __rbx, void* __rcx, long long __rsi, long long _a8, long long _a16) {
                                                                                                                                                              				void* _t49;
                                                                                                                                                              				void* _t91;
                                                                                                                                                              				long long _t163;
                                                                                                                                                              				void* _t168;
                                                                                                                                                              
                                                                                                                                                              				_t163 = __rsi;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t91 = __rcx;
                                                                                                                                                              				__imp__PyModule_GetState();
                                                                                                                                                              				__imp__PyTuple_New();
                                                                                                                                                              				 *((long long*)(__rax + 0x18)) = __rax;
                                                                                                                                                              				if (__rax == 0) goto 0x60882280;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				__imp__PyModule_AddIntConstant();
                                                                                                                                                              				if (__eax < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 1;
                                                                                                                                                              				__imp__PyModule_AddIntConstant();
                                                                                                                                                              				if (__eax < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				__imp__PyModule_AddIntConstant();
                                                                                                                                                              				if (__eax < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 3;
                                                                                                                                                              				__imp__PyModule_AddIntConstant();
                                                                                                                                                              				if (__eax < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				if (E00007FFC7FFC60882288(__eax, __rax, __rcx, __rcx, "CHECK_NONE", __rsi, _t168) < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 1;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t26, __rax, _t91, _t91, "CHECK_CRC32", _t163, _t168) < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 4;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t27, __rax, _t91, _t91, "CHECK_CRC64", _t163, _t168) < 0) goto 0x60882280;
                                                                                                                                                              				_t4 = _t163 + 6; // 0xa
                                                                                                                                                              				r8d = _t4;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t28, __rax, _t91, _t91, "CHECK_SHA256", _t163, _t168) < 0) goto 0x60882280;
                                                                                                                                                              				_t5 = _t163 + 0xb; // 0xf
                                                                                                                                                              				r8d = _t5;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t29, __rax, _t91, _t91, "CHECK_ID_MAX", _t163, _t168) < 0) goto 0x60882280;
                                                                                                                                                              				_t6 = _t163 + 0xc; // 0x10
                                                                                                                                                              				r8d = _t6;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t30, __rax, _t91, _t91, "CHECK_UNKNOWN", _t163, _t168) < 0) goto 0x60882280;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t31, __rax, _t91, _t91, "FILTER_LZMA1", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t7 = _t163 + 0x1d; // 0x21
                                                                                                                                                              				r8d = _t7;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t32, __rax, _t91, _t91, "FILTER_LZMA2", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t8 = _t163 - 1; // 0x3
                                                                                                                                                              				r8d = _t8;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t33, __rax, _t91, _t91, "FILTER_DELTA", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 4;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t34, __rax, _t91, _t91, "FILTER_X86", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t9 = _t163 + 2; // 0x6
                                                                                                                                                              				r8d = _t9;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t35, __rax, _t91, _t91, "FILTER_IA64", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t10 = _t163 + 3; // 0x7
                                                                                                                                                              				r8d = _t10;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t36, __rax, _t91, _t91, "FILTER_ARM", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t11 = _t163 + 4; // 0x8
                                                                                                                                                              				r8d = _t11;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t37, __rax, _t91, _t91, "FILTER_ARMTHUMB", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t12 = _t163 + 5; // 0x9
                                                                                                                                                              				r8d = _t12;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t38, __rax, _t91, _t91, "FILTER_SPARC", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t13 = _t163 + 1; // 0x5
                                                                                                                                                              				r8d = _t13;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t39, __rax, _t91, _t91, "FILTER_POWERPC", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t14 = _t163 - 1; // 0x3
                                                                                                                                                              				r8d = _t14;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t40, __rax, _t91, _t91, "MF_HC3", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 4;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t41, __rax, _t91, _t91, "MF_HC4", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t15 = _t163 + 0xe; // 0x12
                                                                                                                                                              				r8d = _t15;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t42, __rax, _t91, _t91, "MF_BT2", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t16 = _t163 + 0xf; // 0x13
                                                                                                                                                              				r8d = _t16;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t43, __rax, _t91, _t91, "MF_BT3", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t17 = _t163 + 0x10; // 0x14
                                                                                                                                                              				r8d = _t17;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t44, __rax, _t91, _t91, "MF_BT4", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t18 = _t163 - 3; // 0x1
                                                                                                                                                              				r8d = _t18;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t45, __rax, _t91, _t91, "MODE_FAST", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t19 = _t163 - 2; // 0x2
                                                                                                                                                              				r8d = _t19;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t46, __rax, _t91, _t91, "MODE_NORMAL", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				_t20 = _t163 + 2; // 0x6
                                                                                                                                                              				r8d = _t20;
                                                                                                                                                              				if (E00007FFC7FFC60882288(_t47, __rax, _t91, _t91, "PRESET_DEFAULT", _t163, 0x1) < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 0x80000000;
                                                                                                                                                              				_t49 = E00007FFC7FFC60882288(_t48, __rax, _t91, _t91, "PRESET_EXTREME", _t163, 0x1);
                                                                                                                                                              				if (_t49 < 0) goto 0x60882280;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				__imp__PyErr_NewExceptionWithDoc();
                                                                                                                                                              				 *((long long*)(__rax + 0x10)) = __rax;
                                                                                                                                                              				if (__rax == 0) goto 0x60882280;
                                                                                                                                                              				__imp__PyModule_AddType();
                                                                                                                                                              				if (_t49 < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				__imp__PyType_FromModuleAndSpec();
                                                                                                                                                              				 *((long long*)(__rax)) = __rax;
                                                                                                                                                              				if (__rax == 0) goto 0x60882280;
                                                                                                                                                              				__imp__PyModule_AddType();
                                                                                                                                                              				if (_t49 < 0) goto 0x60882280;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				__imp__PyType_FromModuleAndSpec();
                                                                                                                                                              				 *((long long*)(__rax + 8)) = __rax;
                                                                                                                                                              				if (__rax == 0) goto 0x60882280;
                                                                                                                                                              				__imp__PyModule_AddType();
                                                                                                                                                              				if (_t49 < 0) goto 0x60882280;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}







                                                                                                                                                              0x7ffc60882049
                                                                                                                                                              0x7ffc6088204f
                                                                                                                                                              0x7ffc60882063
                                                                                                                                                              0x7ffc60882069
                                                                                                                                                              0x7ffc60882069
                                                                                                                                                              0x7ffc6088207e
                                                                                                                                                              0x7ffc60882084
                                                                                                                                                              0x7ffc60882084
                                                                                                                                                              0x7ffc60882099
                                                                                                                                                              0x7ffc6088209f
                                                                                                                                                              0x7ffc6088209f
                                                                                                                                                              0x7ffc608820b4
                                                                                                                                                              0x7ffc608820ba
                                                                                                                                                              0x7ffc608820ba
                                                                                                                                                              0x7ffc608820cf
                                                                                                                                                              0x7ffc608820d5
                                                                                                                                                              0x7ffc608820d5
                                                                                                                                                              0x7ffc608820ea
                                                                                                                                                              0x7ffc608820f0
                                                                                                                                                              0x7ffc608820f0
                                                                                                                                                              0x7ffc60882105
                                                                                                                                                              0x7ffc6088210b
                                                                                                                                                              0x7ffc6088211f
                                                                                                                                                              0x7ffc60882125
                                                                                                                                                              0x7ffc60882125
                                                                                                                                                              0x7ffc6088213a
                                                                                                                                                              0x7ffc60882140
                                                                                                                                                              0x7ffc60882140
                                                                                                                                                              0x7ffc60882155
                                                                                                                                                              0x7ffc6088215b
                                                                                                                                                              0x7ffc6088215b
                                                                                                                                                              0x7ffc60882170
                                                                                                                                                              0x7ffc60882176
                                                                                                                                                              0x7ffc60882176
                                                                                                                                                              0x7ffc6088218b
                                                                                                                                                              0x7ffc60882191
                                                                                                                                                              0x7ffc60882191
                                                                                                                                                              0x7ffc608821a6
                                                                                                                                                              0x7ffc608821ac
                                                                                                                                                              0x7ffc608821ac
                                                                                                                                                              0x7ffc608821c1
                                                                                                                                                              0x7ffc608821c7
                                                                                                                                                              0x7ffc608821d7
                                                                                                                                                              0x7ffc608821de
                                                                                                                                                              0x7ffc608821e4
                                                                                                                                                              0x7ffc608821ee
                                                                                                                                                              0x7ffc608821f8
                                                                                                                                                              0x7ffc608821fe
                                                                                                                                                              0x7ffc60882205
                                                                                                                                                              0x7ffc6088220d
                                                                                                                                                              0x7ffc60882215
                                                                                                                                                              0x7ffc60882217
                                                                                                                                                              0x7ffc60882224
                                                                                                                                                              0x7ffc6088222a
                                                                                                                                                              0x7ffc60882230
                                                                                                                                                              0x7ffc60882238
                                                                                                                                                              0x7ffc60882240
                                                                                                                                                              0x7ffc60882242
                                                                                                                                                              0x7ffc6088224f
                                                                                                                                                              0x7ffc60882255
                                                                                                                                                              0x7ffc6088225c
                                                                                                                                                              0x7ffc60882264
                                                                                                                                                              0x7ffc6088226c
                                                                                                                                                              0x7ffc6088227f

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Module_$Constant$FromType$LongModuleSpecType_$Err_ExceptionLong_ObjectStateTuple_With
                                                                                                                                                              • String ID: CHECK_CRC32$CHECK_CRC64$CHECK_ID_MAX$CHECK_NONE$CHECK_SHA256$CHECK_UNKNOWN$Call to liblzma failed.$FILTER_ARM$FILTER_ARMTHUMB$FILTER_DELTA$FILTER_IA64$FILTER_LZMA1$FILTER_LZMA2$FILTER_POWERPC$FILTER_SPARC$FILTER_X86$FORMAT_ALONE$FORMAT_AUTO$FORMAT_RAW$FORMAT_XZ$MF_BT2$MF_BT3$MF_BT4$MF_HC3$MF_HC4$MODE_FAST$MODE_NORMAL$PRESET_DEFAULT$PRESET_EXTREME$_lzma.LZMAError
                                                                                                                                                              • API String ID: 2322464913-730042774
                                                                                                                                                              • Opcode ID: d365bd065ab635c53d2411b2fa237f4c011e66e9facd91ba7a2fd8e0288cb910
                                                                                                                                                              • Instruction ID: 4e2a0e84fd213461dad81b627a6fe6e87d5e4837c75a313b98037724cbbdecb5
                                                                                                                                                              • Opcode Fuzzy Hash: d365bd065ab635c53d2411b2fa237f4c011e66e9facd91ba7a2fd8e0288cb910
                                                                                                                                                              • Instruction Fuzzy Hash: C0A12824B9C63BD2F764DB16A8406A5A2A4BF0C7D0F465835CD0EA6751EF2DFA0CC630
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DeallocErr_LongStringThread_free_lock$Bytes_FromLong_ModuleOccurredSizeStateThread_allocate_lockType_Unsigned
                                                                                                                                                              • String ID: Cannot specify filters except with FORMAT_RAW$Cannot specify memory limit with FORMAT_RAW$Invalid container format: %d$Must specify filters for FORMAT_RAW$Unable to allocate lock
                                                                                                                                                              • API String ID: 3070611864-1518367256
                                                                                                                                                              • Opcode ID: 51368267032950d55521bf35b159776a005c1b1852f9f425708bc844070c5f76
                                                                                                                                                              • Instruction ID: 5f74b71d0c1ab14917c86c7748bd19f6deba97e67ccbfd9bee51e7a0686cc59d
                                                                                                                                                              • Opcode Fuzzy Hash: 51368267032950d55521bf35b159776a005c1b1852f9f425708bc844070c5f76
                                                                                                                                                              • Instruction Fuzzy Hash: E2617C21B8DA6AC1EA68DB21984437C73A4FB4CB51F564235DA2E637A4CF3CE45CD320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_$Mem_$FreeLongString$Arg_CallocClearDeallocExceptionFormatItemKeywords_Long_Mapping_MatchesMemoryOccurredParseSizeTupleUnsigned
                                                                                                                                                              • String ID: Invalid compression preset: %u$Invalid filter specifier for LZMA filter$preset$|OOO&O&O&O&O&O&O&O&
                                                                                                                                                              • API String ID: 1065449411-1461672608
                                                                                                                                                              • Opcode ID: 4cfdeb9d0e811f0481400c5001d4690ee1d84d1bd0cc0db5b8ac4e577bb883fa
                                                                                                                                                              • Instruction ID: e87d0de0b348d569e26cda9f701ce14763584438edac495177fed4f3e32596e5
                                                                                                                                                              • Opcode Fuzzy Hash: 4cfdeb9d0e811f0481400c5001d4690ee1d84d1bd0cc0db5b8ac4e577bb883fa
                                                                                                                                                              • Instruction Fuzzy Hash: 6E512A3668CB5AC1EA20CB21F4402A973B4FB8DB81F564135DA8E53B69DF3CE448C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Arg_Buffer_$ArgumentBufferContiguousErr_IndexKeywordsLong_Number_Object_OccurredReleaseSsize_tUnpackmemset
                                                                                                                                                              • String ID: argument 'data'$contiguous buffer$decompress
                                                                                                                                                              • API String ID: 883004049-2667845042
                                                                                                                                                              • Opcode ID: d62527b0329cc0ab8f16b637fd3c8ff5632662a19e81221d702f979f350b5dcc
                                                                                                                                                              • Instruction ID: d2a403163ee50e1f38b5a8b8956cd92c3374b256692a066895ecb4e98f09bd3d
                                                                                                                                                              • Opcode Fuzzy Hash: d62527b0329cc0ab8f16b637fd3c8ff5632662a19e81221d702f979f350b5dcc
                                                                                                                                                              • Instruction Fuzzy Hash: 24415D22A9CB6AC2EA10CB12E84476963A4FB4DB95F464131DD5D237A8DF7CE44DC720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 16%
                                                                                                                                                              			E00007FF77FF78EC66B50(void* __ecx, void* __fp0, int __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8) {
                                                                                                                                                              				int _t30;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              				int _t50;
                                                                                                                                                              				int _t60;
                                                                                                                                                              				char* _t85;
                                                                                                                                                              				void* _t90;
                                                                                                                                                              				long long _t92;
                                                                                                                                                              				void* _t93;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              				void* _t96;
                                                                                                                                                              				void* _t104;
                                                                                                                                                              				int _t105;
                                                                                                                                                              				void* _t106;
                                                                                                                                                              				int _t108;
                                                                                                                                                              
                                                                                                                                                              				_t60 = __rax;
                                                                                                                                                              				 *((long long*)(_t95 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t95 + 0x10)) = _t92;
                                                                                                                                                              				 *((long long*)(_t95 + 0x18)) = __rsi;
                                                                                                                                                              				_t96 = _t95 - 0x40;
                                                                                                                                                              				r15d = 0;
                                                                                                                                                              				_t106 = __r8;
                                                                                                                                                              				_t93 = __rdx;
                                                                                                                                                              				 *(_t96 + 0x28) = r15d;
                                                                                                                                                              				_t90 = __rcx;
                                                                                                                                                              				 *(_t96 + 0x20) = _t108;
                                                                                                                                                              				_t99 = __rdx;
                                                                                                                                                              				_t6 = _t108 - 1; // -1
                                                                                                                                                              				r9d = _t6;
                                                                                                                                                              				if (MultiByteToWideChar(_t108, _t105, _t85) != 0) goto 0x8ec66bb3;
                                                                                                                                                              				E00007FF77FF78EC61CB0("MultiByteToWideChar", "Failed to get wchar_t buffer size.\n", __rdx, _t104);
                                                                                                                                                              				goto 0x8ec66cef;
                                                                                                                                                              				0x8ec73ed0();
                                                                                                                                                              				_t64 = _t60;
                                                                                                                                                              				if (_t60 != 0) goto 0x8ec66be3;
                                                                                                                                                              				E00007FF77FF78EC61CB0("win32_utils_from_utf8", "Out of memory.\n", _t99, _t104);
                                                                                                                                                              				goto 0x8ec66cef;
                                                                                                                                                              				 *(_t96 + 0x28) = _t50;
                                                                                                                                                              				r9d = 0xffffffff;
                                                                                                                                                              				 *(_t96 + 0x20) = _t60;
                                                                                                                                                              				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0x8ec66c20;
                                                                                                                                                              				E00007FF77FF78EC61CB0("MultiByteToWideChar", "Failed to decode wchar_t from UTF-8\n", _t93, _t104);
                                                                                                                                                              				goto 0x8ec66cef;
                                                                                                                                                              				 *(_t96 + 0x38) = _t108;
                                                                                                                                                              				r9d = 0xffffffff;
                                                                                                                                                              				 *(_t96 + 0x30) = _t108;
                                                                                                                                                              				 *(_t96 + 0x28) = r15d;
                                                                                                                                                              				 *(_t96 + 0x20) = _t108;
                                                                                                                                                              				_t30 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                              				if (_t30 != 0) goto 0x8ec66c56;
                                                                                                                                                              				goto 0x8ec66cac;
                                                                                                                                                              				0x8ec73ed0();
                                                                                                                                                              				_t87 = _t60;
                                                                                                                                                              				if (_t60 != 0) goto 0x8ec66c7b;
                                                                                                                                                              				goto 0x8ec66cb3;
                                                                                                                                                              				 *(_t96 + 0x38) = _t108;
                                                                                                                                                              				r9d = 0xffffffff;
                                                                                                                                                              				 *(_t96 + 0x30) = _t108;
                                                                                                                                                              				 *(_t96 + 0x28) = _t30;
                                                                                                                                                              				 *(_t96 + 0x20) = _t60;
                                                                                                                                                              				if (WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??) != 0) goto 0x8ec66cc4;
                                                                                                                                                              				E00007FF77FF78EC73ED8(E00007FF77FF78EC61CB0("WideCharToMultiByte", "Failed to encode filename as ANSI.\n", _t60, _t104), _t64, "Failed to encode filename as ANSI.\n", _t64);
                                                                                                                                                              				goto 0x8ec66cef;
                                                                                                                                                              				E00007FF77FF78EC73ED8(0, _t64, "Failed to encode filename as ANSI.\n", _t64);
                                                                                                                                                              				if (_t90 == 0) goto 0x8ec66cec;
                                                                                                                                                              				_t37 = E00007FF77FF78EC73ED8(E00007FF77FF78EC75BD0(0, _t90, _t90, _t60, _t106), _t60, _t87, _t106);
                                                                                                                                                              				goto 0x8ec66cef;
                                                                                                                                                              				return _t37;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              • MultiByteToWideChar.KERNEL32 ref: 00007FF78EC66B8C
                                                                                                                                                                • Part of subcall function 00007FF78EC61CB0: GetLastError.KERNEL32(?,?,00000000,00007FF78EC66864,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC61CD7
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                                                                                                              • API String ID: 203985260-1562484376
                                                                                                                                                              • Opcode ID: 4a450ead7fb78b350f3efd260e0dec2fd4eb24dd9bd16ec199d4b5cd20ced202
                                                                                                                                                              • Instruction ID: 18df2c53439f9cded65a6741361074609534c9d1b5916798ddef9552dc0580c9
                                                                                                                                                              • Opcode Fuzzy Hash: 4a450ead7fb78b350f3efd260e0dec2fd4eb24dd9bd16ec199d4b5cd20ced202
                                                                                                                                                              • Instruction Fuzzy Hash: CF417E31F0CA52A1E610BBA5ED5047AE6A2FB947C0FB44539D96E47AA5EF3CE501C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF78EC61440(void* __rax, void* __rcx, void* __rdx) {
                                                                                                                                                              				void* _t1;
                                                                                                                                                              				void* _t2;
                                                                                                                                                              				void* _t4;
                                                                                                                                                              				void* _t9;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              
                                                                                                                                                              				_t1 = E00007FF77FF78EC65840(_t2, _t4, __rax, __rcx, _t9, _t10);
                                                                                                                                                              				if (_t1 != 0xffffffff) goto 0x8ec61462;
                                                                                                                                                              				return _t1;
                                                                                                                                                              			}








                                                                                                                                                              0x7ff78ec6144f
                                                                                                                                                              0x7ff78ec61457
                                                                                                                                                              0x7ff78ec61461

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                              • API String ID: 0-666925554
                                                                                                                                                              • Opcode ID: 51e758cd55ef8d89e734f6c76cc98cb429910d251f2c291cb44b2262c7da4ed9
                                                                                                                                                              • Instruction ID: 49a4160f9bfc43b6ef7f127b14fdb1fe3d377c8fb0c980c136210a80a41606f7
                                                                                                                                                              • Opcode Fuzzy Hash: 51e758cd55ef8d89e734f6c76cc98cb429910d251f2c291cb44b2262c7da4ed9
                                                                                                                                                              • Instruction Fuzzy Hash: C651BB21F0865285FA10BBE1E5006BAE3A0BF45BE9FE44439DE1D476A6EF3CE145C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                              • API String ID: 4998090-2855260032
                                                                                                                                                              • Opcode ID: dc7a3ed2d7af174a8b16a6a8f4dc2f5f842c3ff7a2cb0ceccccc57ca37c8ea09
                                                                                                                                                              • Instruction ID: c5e1218a875dc675bc7bf46a0ca06707586707450f9609a81ad012eddeddd01d
                                                                                                                                                              • Opcode Fuzzy Hash: dc7a3ed2d7af174a8b16a6a8f4dc2f5f842c3ff7a2cb0ceccccc57ca37c8ea09
                                                                                                                                                              • Instruction Fuzzy Hash: B4419331A1C68282EB50AF94E4447AAF361FF84794FA44235EA6F476E5DF3CE448C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_$Arg_FormatKeywords_ModuleParseSizeStateStringThread_allocate_lockThread_free_lockTupleType_
                                                                                                                                                              • String ID: Cannot specify both preset and filter chain$Integrity checks are only supported by FORMAT_XZ$Invalid container format: %d$Unable to allocate lock$|iiOO:LZMACompressor
                                                                                                                                                              • API String ID: 3029081906-3984722346
                                                                                                                                                              • Opcode ID: 35171c6d2ced9c47fd33dbe4e3e376334f302346e25391d96786ff00b36d53f6
                                                                                                                                                              • Instruction ID: 19fedbf19c859ba5a790a2c2e207aac67f77583169fb364dd84b900407429721
                                                                                                                                                              • Opcode Fuzzy Hash: 35171c6d2ced9c47fd33dbe4e3e376334f302346e25391d96786ff00b36d53f6
                                                                                                                                                              • Instruction Fuzzy Hash: 07510732A5DB6AC6EBA0CF25E8804A937B4FB48794B510135DA4E23B64DF3CE549C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PyMapping_Check.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FCD1
                                                                                                                                                              • PyMapping_GetItemString.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FCEB
                                                                                                                                                              • PyLong_AsUnsignedLongLong.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FD00
                                                                                                                                                              • PyErr_Occurred.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FD13
                                                                                                                                                              • PyErr_ExceptionMatches.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FD8C
                                                                                                                                                              • PyErr_Format.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FDD5
                                                                                                                                                              • PyErr_SetString.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FDEE
                                                                                                                                                              • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6088540E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_$LongMapping_String$CheckDeallocExceptionFormatItemLong_MatchesOccurredUnsigned
                                                                                                                                                              • String ID: Filter specifier must be a dict or dict-like object$Filter specifier must have an "id" entry$Invalid filter ID: %llu
                                                                                                                                                              • API String ID: 1881886752-3390802605
                                                                                                                                                              • Opcode ID: 93f3494961c56fe36421c7d9888a43adce1ebdb7820f8a7a173e9cb0b34e297d
                                                                                                                                                              • Instruction ID: 4dd842de1b84df06949ec929369ac1416bc7f7ed6820c89a44cd7d95fb8d74b5
                                                                                                                                                              • Opcode Fuzzy Hash: 93f3494961c56fe36421c7d9888a43adce1ebdb7820f8a7a173e9cb0b34e297d
                                                                                                                                                              • Instruction Fuzzy Hash: 28412E31ACCA2BC0EA74CF56A89413C67A0FF5DB81B468031DA4E66369DF3CE449C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Arg_Buffer_Long$ArgumentBufferCheckContiguousErr_Long_Module_Object_OccurredPositionalReleaseStateUnsignedfreememset
                                                                                                                                                              • String ID: _decode_filter_properties$argument 2$contiguous buffer
                                                                                                                                                              • API String ID: 3656606796-2431706548
                                                                                                                                                              • Opcode ID: d35a3f7532bea0a7013997e894d7ee2c74ea73b8a7e9adc5f21c971dc2332b7d
                                                                                                                                                              • Instruction ID: dd70f15542708ae6689592d7c6795d1cbd522ee70411f4db8bccb8e50ee13e2f
                                                                                                                                                              • Opcode Fuzzy Hash: d35a3f7532bea0a7013997e894d7ee2c74ea73b8a7e9adc5f21c971dc2332b7d
                                                                                                                                                              • Instruction Fuzzy Hash: 3D313C21B4CA6AD1EB10CB25E8846B96360FF9CF94F5A4131DA4E63764DF3CE949C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FFC7FFC608784E4(void* __edx, void* __rcx) {
                                                                                                                                                              				void* _t3;
                                                                                                                                                              
                                                                                                                                                              				_t3 = __edx - 6;
                                                                                                                                                              				if (_t3 > 0) goto 0x60878521;
                                                                                                                                                              				if (_t3 == 0) goto 0x60878561;
                                                                                                                                                              				r8d = __edx;
                                                                                                                                                              				if (__edx != 0) goto 0x60878500;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_$MemoryString
                                                                                                                                                              • String ID: Corrupt input data$Input format not supported by decoder$Insufficient buffer space$Internal error$Invalid or unsupported options$Memory usage limit exceeded$Unrecognized error from liblzma: %d$Unsupported integrity check
                                                                                                                                                              • API String ID: 60457842-2177155514
                                                                                                                                                              • Opcode ID: c16319be145f0fd0dfbac310c131b322346b3af232b861c0eae9e0453191ecd5
                                                                                                                                                              • Instruction ID: 71178a015737087674ea150027dbae88c975429b3c88e1db598d9fda2deee778
                                                                                                                                                              • Opcode Fuzzy Hash: c16319be145f0fd0dfbac310c131b322346b3af232b861c0eae9e0453191ecd5
                                                                                                                                                              • Instruction Fuzzy Hash: DC211D61FDC63BC1F568D728A85407C12A1BF5E742F666035C40E25BA8AEADF54CC330
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FFC7FFC60882EE0(void* __edx) {
                                                                                                                                                              				void* _t5;
                                                                                                                                                              
                                                                                                                                                              				_t5 = __edx;
                                                                                                                                                              				if (_t5 == 0) goto 0x60882f21;
                                                                                                                                                              				if (_t5 == 0) goto 0x60882f15;
                                                                                                                                                              				if (_t5 == 0) goto 0x60882f08;
                                                                                                                                                              				if (__edx == 1) goto 0x60882f01;
                                                                                                                                                              				return 1;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 349153199-0
                                                                                                                                                              • Opcode ID: 0916e3bebadaab279752c31d96e7e47478ccb639d8e2d41ae24a4d409ddc72f4
                                                                                                                                                              • Instruction ID: 13a9b89d46ecd4ec89864d2f9cfd03ddd95d295193d189a245c1427bf1fd7977
                                                                                                                                                              • Opcode Fuzzy Hash: 0916e3bebadaab279752c31d96e7e47478ccb639d8e2d41ae24a4d409ddc72f4
                                                                                                                                                              • Instruction Fuzzy Hash: 4081AC60E8C66BC6F660EB65984527962A0BF4DB80F464035EA0CA7396DF3DED4DC720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FFC7FFC60877E08(long long __rbx, void* __rcx, long long __rdx, long long __rdi, long long __rsi, long long __rbp, long long __r8, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                              				signed int _t20;
                                                                                                                                                              				signed int _t21;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				void* _t31;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              
                                                                                                                                                              				_t28 = _t46;
                                                                                                                                                              				 *((long long*)(_t28 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t28 + 0x10)) = __rbp;
                                                                                                                                                              				 *((long long*)(_t28 + 0x18)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t28 + 0x20)) = __rdi;
                                                                                                                                                              				_t31 = __rcx;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0x28)) != 0) goto 0x60877f12;
                                                                                                                                                              				 *((long long*)(__rcx + 0x28)) = __rdx;
                                                                                                                                                              				sil = 0;
                                                                                                                                                              				 *((long long*)(__rcx + 0x30)) = __r8;
                                                                                                                                                              				_t20 = E00007FFC7FFC608781B4(__rcx, __rcx, __r9, __r8);
                                                                                                                                                              				if (_t28 == 0) goto 0x60877fb1;
                                                                                                                                                              				if ( *((char*)(_t31 + 0xb4)) != 0) goto 0x60877f63;
                                                                                                                                                              				if ( *((long long*)(_t31 + 0x30)) != 0) goto 0x60877ea9;
                                                                                                                                                              				 *(_t31 + 0x28) =  *(_t31 + 0x28) & 0x00000000;
                                                                                                                                                              				_t21 = _t20 & 0xffffff00 |  *((long long*)(_t31 + 0x48)) != 0x00000000;
                                                                                                                                                              				 *(_t31 + 0xc0) = _t21;
                                                                                                                                                              				return _t21;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Mem_memmove$Eval_Thread$Bytes_DeallocFreeFromMallocModuleReallocRestoreSaveSizeStateStringType_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2269716368-0
                                                                                                                                                              • Opcode ID: 4b9d610d8ce756eeede54a48d243dabce93d2f119502cad4845e82ba50bbdbbc
                                                                                                                                                              • Instruction ID: b1ff1b16311736b9ed1994338728f2dbc20b3c99e3d917da96fc1ee9474cbe0b
                                                                                                                                                              • Opcode Fuzzy Hash: 4b9d610d8ce756eeede54a48d243dabce93d2f119502cad4845e82ba50bbdbbc
                                                                                                                                                              • Instruction Fuzzy Hash: 87614862A4DB6AC1EB50CF25954437C62A5FB48F99F2A5135CE0E27798DF3CE489C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 25%
                                                                                                                                                              			E00007FF77FF78EC665D0(void* __ecx, void* __rcx, void* __r8, long long _a24, intOrPtr _a32, long long _a40, long long _a48, char _a56, signed int _a8248) {
                                                                                                                                                              				long _t15;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				void* _t31;
                                                                                                                                                              				signed long long _t32;
                                                                                                                                                              				long long _t37;
                                                                                                                                                              				void* _t47;
                                                                                                                                                              				void* _t52;
                                                                                                                                                              				void* _t53;
                                                                                                                                                              				void* _t54;
                                                                                                                                                              
                                                                                                                                                              				E00007FF77FF78EC6A070(0x2050, _t31, _t53, _t54);
                                                                                                                                                              				_t32 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_a8248 = _t32 ^ _t47 - _t31;
                                                                                                                                                              				if (__ecx != 0) goto 0x8ec665fd;
                                                                                                                                                              				_t15 = GetLastError();
                                                                                                                                                              				_a40 = _t37;
                                                                                                                                                              				r9d = 0x400;
                                                                                                                                                              				_a32 = 0x1000;
                                                                                                                                                              				r8d = _t15;
                                                                                                                                                              				_a24 =  &_a56;
                                                                                                                                                              				if (FormatMessageW(??, ??, ??, ??, ??, ??, ??) != 0) goto 0x8ec6664c;
                                                                                                                                                              				E00007FF77FF78EC61CB0("FormatMessageW", "No error messages generated.\n", __r8, _t52);
                                                                                                                                                              				goto 0x8ec666a5;
                                                                                                                                                              				_a48 = _t37;
                                                                                                                                                              				_a40 = _t37;
                                                                                                                                                              				r9d = 0xffffffff;
                                                                                                                                                              				_a32 = 0x1000;
                                                                                                                                                              				_a24 = 0x8ecaaff0;
                                                                                                                                                              				if (WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??) != 0) goto 0x8ec666a2;
                                                                                                                                                              				_t19 = E00007FF77FF78EC61CB0("WideCharToMultiByte", "Failed to encode wchar_t as UTF-8.\n",  &_a56, _t52);
                                                                                                                                                              				goto 0x8ec666a5;
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t19, 0xfde9, _a8248 ^ _t47 - _t31);
                                                                                                                                                              			}













                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(WideCharToMultiByte,00007FF78EC61CE4,?,?,00000000,00007FF78EC66864), ref: 00007FF78EC665F7
                                                                                                                                                              • FormatMessageW.KERNEL32 ref: 00007FF78EC66626
                                                                                                                                                              • WideCharToMultiByte.KERNEL32 ref: 00007FF78EC6667C
                                                                                                                                                                • Part of subcall function 00007FF78EC61CB0: GetLastError.KERNEL32(?,?,00000000,00007FF78EC66864,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC61CD7
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                              • API String ID: 2383786077-2573406579
                                                                                                                                                              • Opcode ID: 620d5d36900d1fa5d35eb7c9ac16ae22a16bc84afd8ff29625592f9522aca46c
                                                                                                                                                              • Instruction ID: 2671336339aab51cf1cdf885b0658beb1fc96e3b785e78fc0b15723f0380dd3f
                                                                                                                                                              • Opcode Fuzzy Hash: 620d5d36900d1fa5d35eb7c9ac16ae22a16bc84afd8ff29625592f9522aca46c
                                                                                                                                                              • Instruction Fuzzy Hash: F1219271E0CA4291FB60BF95F95077AA261FF88384FE44139D55E826A4EF3CD145C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                                                                                                              • String ID: argument$compress$contiguous buffer
                                                                                                                                                              • API String ID: 1731275941-2310704374
                                                                                                                                                              • Opcode ID: df905c2fc770522b7d620d5ab3c023dd8cc8e9b4f257a0f7c38a125d1f44d5e3
                                                                                                                                                              • Instruction ID: 844d275f9a09e5fb4096ff9f92b44285961914751e757c0c2aa4000428f9b8be
                                                                                                                                                              • Opcode Fuzzy Hash: df905c2fc770522b7d620d5ab3c023dd8cc8e9b4f257a0f7c38a125d1f44d5e3
                                                                                                                                                              • Instruction Fuzzy Hash: FF118122B8C66AD1EB10CB25E4842A96360FB8CB84F5A4131DA4D63724DF3CD949C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 59%
                                                                                                                                                              			E00007FF77FF78EC79714(void* __ecx, void* __edx, signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8) {
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				void* _t134;
                                                                                                                                                              				void* _t156;
                                                                                                                                                              				void* _t186;
                                                                                                                                                              				signed short _t200;
                                                                                                                                                              				signed short _t201;
                                                                                                                                                              				signed int _t202;
                                                                                                                                                              				signed int _t253;
                                                                                                                                                              				signed int _t255;
                                                                                                                                                              				signed int _t257;
                                                                                                                                                              				void* _t258;
                                                                                                                                                              				signed int _t259;
                                                                                                                                                              				signed int _t262;
                                                                                                                                                              				signed int _t265;
                                                                                                                                                              				signed short* _t384;
                                                                                                                                                              				signed short* _t385;
                                                                                                                                                              				signed short* _t386;
                                                                                                                                                              				signed short* _t388;
                                                                                                                                                              				signed short** _t389;
                                                                                                                                                              				long long _t390;
                                                                                                                                                              				long long _t392;
                                                                                                                                                              				long long* _t393;
                                                                                                                                                              				signed short* _t394;
                                                                                                                                                              				long long* _t398;
                                                                                                                                                              				long long* _t399;
                                                                                                                                                              				long long* _t400;
                                                                                                                                                              				signed short** _t402;
                                                                                                                                                              				void* _t404;
                                                                                                                                                              				void* _t406;
                                                                                                                                                              				void* _t408;
                                                                                                                                                              				void* _t409;
                                                                                                                                                              				signed short* _t412;
                                                                                                                                                              				signed short* _t413;
                                                                                                                                                              				long long _t415;
                                                                                                                                                              				signed short* _t416;
                                                                                                                                                              				long long _t418;
                                                                                                                                                              				void* _t422;
                                                                                                                                                              				intOrPtr _t423;
                                                                                                                                                              
                                                                                                                                                              				_t411 = __r8;
                                                                                                                                                              				_t398 = __rdx;
                                                                                                                                                              				_t392 = __rcx;
                                                                                                                                                              				_t390 = __rbx;
                                                                                                                                                              				 *((long long*)(_t408 + 0x18)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t408 + 8)) = __rcx;
                                                                                                                                                              				_push(_t406);
                                                                                                                                                              				_push(_t404);
                                                                                                                                                              				_push(_t418);
                                                                                                                                                              				_t409 = _t408 - 0x90;
                                                                                                                                                              				_t415 =  *((intOrPtr*)(__rdx));
                                                                                                                                                              				r13d = 0;
                                                                                                                                                              				_t259 = r9b & 0xffffffff;
                                                                                                                                                              				r14d = r8d;
                                                                                                                                                              				 *((long long*)(_t409 + 0x88)) = _t415;
                                                                                                                                                              				_t402 = __rdx;
                                                                                                                                                              				if (_t415 != 0) goto 0x8ec7975f;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec79791;
                                                                                                                                                              				if (r14d == 0) goto 0x8ec797a9;
                                                                                                                                                              				_t4 = _t411 - 2; // -2
                                                                                                                                                              				if (_t4 - 0x22 <= 0) goto 0x8ec797a9;
                                                                                                                                                              				 *((long long*)(_t409 + 0x28)) = _t392;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				 *((char*)(_t392 + 0x30)) = 1;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *(_t392 + 0x2c) = 0x16;
                                                                                                                                                              				 *((long long*)(_t409 + 0x20)) = _t418;
                                                                                                                                                              				E00007FF77FF78EC7A180(__rax, __rbx, _t392, _t398, _t404, _t406, __r8);
                                                                                                                                                              				_t393 = _t402[1];
                                                                                                                                                              				if (_t393 == 0) goto 0x8ec79df5;
                                                                                                                                                              				 *_t393 =  *_t402;
                                                                                                                                                              				goto 0x8ec79df5;
                                                                                                                                                              				_t10 = _t415 + 2; // 0x2
                                                                                                                                                              				 *_t398 = _t10;
                                                                                                                                                              				_t264 = r13d;
                                                                                                                                                              				if ( *((intOrPtr*)(_t393 + 0x28)) != r13b) goto 0x8ec797d3;
                                                                                                                                                              				_t134 = E00007FF77FF78EC735D0(_t10, _t390, _t393, _t404, _t422);
                                                                                                                                                              				goto 0x8ec797d3;
                                                                                                                                                              				_t382 =  *_t402;
                                                                                                                                                              				 *_t402 =  &(( *_t402)[1]);
                                                                                                                                                              				if (E00007FF77FF78EC77E88(_t134,  *_t382 & 0xffff, _t258, _t390, _t393) != 0) goto 0x8ec797c6;
                                                                                                                                                              				_t261 =  !=  ? _t259 : _t259 | 0x00000002;
                                                                                                                                                              				_t12 = _t390 - 0x2b; // -43
                                                                                                                                                              				if ((0x0000fffd & _t12) != 0) goto 0x8ec7980a;
                                                                                                                                                              				_t384 =  *_t402;
                                                                                                                                                              				_t200 =  *_t384 & 0x0000ffff;
                                                                                                                                                              				_t385 =  &(_t384[1]);
                                                                                                                                                              				 *_t402 = _t385;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0xd8)) = 0xa70;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x30)) = 0xae6;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x34)) = 0xaf0;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x38)) = 0xb66;
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x3c)) = 0xb70;
                                                                                                                                                              				_t20 = _t385 - 0x80; // 0x5e0
                                                                                                                                                              				r9d = _t20;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x40)) = 0xc66;
                                                                                                                                                              				r10d = 0x6f0;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x44)) = 0xc70;
                                                                                                                                                              				r11d = 0x966;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x48)) = 0xce6;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x4c)) = 0xcf0;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x50)) = 0xd66;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x54)) = 0xd70;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x58)) = 0xe50;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x5c)) = 0xe5a;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x60)) = 0xed0;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x64)) = 0xeda;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x68)) = 0xf20;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x6c)) = 0xf2a;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x70)) = 0x1040;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x74)) = 0x104a;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x78)) = 0x17e0;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x7c)) = 0x17ea;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x80)) = 0x1810;
                                                                                                                                                              				 *((intOrPtr*)(_t409 + 0x84)) = 0xff1a;
                                                                                                                                                              				if ((r14d & 0xffffffef) != 0) goto 0x8ec79b78;
                                                                                                                                                              				if (_t200 - 0x30 < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - 0x3a >= 0) goto 0x8ec79916;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - 0xff10 >= 0) goto 0x8ec79ab3;
                                                                                                                                                              				if (_t200 - r8w < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - 0x66a >= 0) goto 0x8ec7993e;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - r10w < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - 0x6fa >= 0) goto 0x8ec7995d;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - r11w < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - 0x970 >= 0) goto 0x8ec7997c;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - r9w < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 - 0x9f0 >= 0) goto 0x8ec7999b;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 - (_t200 & 0x0000ffff) - r9d < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0xd8)) >= 0) goto 0x8ec799bb;
                                                                                                                                                              				goto 0x8ec79ac2;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x30)) < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x34)) < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x38)) < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x3c)) < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x40)) < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x44)) < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x48)) < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x4c)) < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x50)) < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x54)) < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x58)) < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x5c)) < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x60)) < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x64)) < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x68)) < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x6c)) < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x70)) < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x74)) < 0) goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x78)) < 0) goto 0x8ec79ac7;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x7c)) < 0) goto 0x8ec7990c;
                                                                                                                                                              				if ((_t200 & 0x0000ffff) -  *((intOrPtr*)(_t409 + 0x80)) - 9 > 0) goto 0x8ec79ac7;
                                                                                                                                                              				goto 0x8ec7990c;
                                                                                                                                                              				if (_t200 -  *((intOrPtr*)(_t409 + 0x84)) >= 0) goto 0x8ec79ac7;
                                                                                                                                                              				if ((_t200 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0x8ec79ae9;
                                                                                                                                                              				_t64 = _t393 - 0x41; // -17
                                                                                                                                                              				_t65 = _t393 - 0x61; // -49
                                                                                                                                                              				_t156 = _t65;
                                                                                                                                                              				if (_t64 - 0x19 <= 0) goto 0x8ec79ade;
                                                                                                                                                              				if (_t156 - 0x19 > 0) goto 0x8ec79b69;
                                                                                                                                                              				if (_t156 - 0x19 > 0) goto 0x8ec79ae6;
                                                                                                                                                              				_t66 = _t393 - 0x37; // -231
                                                                                                                                                              				if (_t66 != 0) goto 0x8ec79b69;
                                                                                                                                                              				_t394 =  *_t402;
                                                                                                                                                              				r9d = 0xffdf;
                                                                                                                                                              				_t253 =  *_t394 & 0x0000ffff;
                                                                                                                                                              				_t67 =  &(_t394[1]); // 0xffe1
                                                                                                                                                              				_t412 = _t67;
                                                                                                                                                              				 *_t402 = _t412;
                                                                                                                                                              				_t68 = _t398 - 0x58; // 0x698
                                                                                                                                                              				if ((r9w & _t68) == 0) goto 0x8ec79b51;
                                                                                                                                                              				 *_t402 = _t394;
                                                                                                                                                              				_t160 =  !=  ? r14d : 8;
                                                                                                                                                              				r14d =  !=  ? r14d : 8;
                                                                                                                                                              				if (_t253 == 0) goto 0x8ec79b49;
                                                                                                                                                              				if ( *_t394 == _t253) goto 0x8ec79b49;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t385);
                                                                                                                                                              				 *_t385 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				r10d = 0x6f0;
                                                                                                                                                              				r11d = 0x966;
                                                                                                                                                              				goto 0x8ec79b78;
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				goto 0x8ec79b78;
                                                                                                                                                              				_t201 =  *_t412 & 0x0000ffff;
                                                                                                                                                              				_t71 =  &(_t412[1]); // 0xffe3
                                                                                                                                                              				_t386 = _t71;
                                                                                                                                                              				 *_t402 = _t386;
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				goto 0x8ec79b6e;
                                                                                                                                                              				_t165 =  !=  ? r14d : 0xa;
                                                                                                                                                              				r14d = 0xa;
                                                                                                                                                              				_t166 = ( !=  ? r14d : 0xa) | 0xffffffff;
                                                                                                                                                              				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
                                                                                                                                                              				_t255 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
                                                                                                                                                              				r12d = 0x30;
                                                                                                                                                              				r15d = 0xff10;
                                                                                                                                                              				r9d = 0xa / r14d;
                                                                                                                                                              				if (_t201 - r12w < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - 0x3a >= 0) goto 0x8ec79baa;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - r15w >= 0) goto 0x8ec79d33;
                                                                                                                                                              				if (_t201 - r8w < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - 0x66a >= 0) goto 0x8ec79bd3;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - r10w < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - 0x6fa >= 0) goto 0x8ec79bf2;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - r11w < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 - 0x970 >= 0) goto 0x8ec79c11;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - 0x9e6 < 0) goto 0x8ec79d48;
                                                                                                                                                              				_t76 =  &(_t386[5]); // 0x9f0
                                                                                                                                                              				if (_t201 - _t76 >= 0) goto 0x8ec79c31;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 - 0xa66 < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0xd8)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x30)) < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x34)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x38)) < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x3c)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x40)) < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x44)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x48)) < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x4c)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x50)) < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x54)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x58)) < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x5c)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x60)) < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x64)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x68)) < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x6c)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x70)) < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x74)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x78)) < 0) goto 0x8ec79d48;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x7c)) < 0) goto 0x8ec79c27;
                                                                                                                                                              				if ((_t201 & 0x0000ffff) -  *((intOrPtr*)(_t409 + 0x80)) - 9 > 0) goto 0x8ec79d48;
                                                                                                                                                              				goto 0x8ec79d43;
                                                                                                                                                              				if (_t201 -  *((intOrPtr*)(_t409 + 0x84)) >= 0) goto 0x8ec79d48;
                                                                                                                                                              				if ((_t201 & 0x0000ffff) - r15d != 0xffffffff) goto 0x8ec79d6b;
                                                                                                                                                              				_t100 = _t394 - 0x41; // -65
                                                                                                                                                              				_t101 = _t394 - 0x61; // -97
                                                                                                                                                              				_t186 = _t101;
                                                                                                                                                              				if (_t100 - 0x19 <= 0) goto 0x8ec79d5b;
                                                                                                                                                              				if (_t186 - 0x19 > 0) goto 0x8ec79d68;
                                                                                                                                                              				if (_t186 - 0x19 > 0) goto 0x8ec79d63;
                                                                                                                                                              				goto 0x8ec79d6b;
                                                                                                                                                              				_t413 =  *_t402;
                                                                                                                                                              				if (((_t201 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0x8ec79daf;
                                                                                                                                                              				_t202 =  *_t413 & 0x0000ffff;
                                                                                                                                                              				_t257 = _t386 + _t394;
                                                                                                                                                              				_t265 = _t257;
                                                                                                                                                              				_t107 =  &(_t413[1]); // 0x2
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				 *_t402 = _t107;
                                                                                                                                                              				_t262 = ( !=  ? _t259 : _t259 | 0x00000002) | (r13d & 0xffffff00 | _t257 - r13d * r14d > 0x00000000 | r13d & 0xffffff00 | _t264 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
                                                                                                                                                              				goto 0x8ec79b8f;
                                                                                                                                                              				_t423 =  *((intOrPtr*)(_t409 + 0xd0));
                                                                                                                                                              				_t109 = _t413 - 2; // -2
                                                                                                                                                              				_t388 = _t109;
                                                                                                                                                              				_t416 =  *((intOrPtr*)(_t409 + 0x88));
                                                                                                                                                              				 *_t402 = _t388;
                                                                                                                                                              				if (_t202 == 0) goto 0x8ec79de0;
                                                                                                                                                              				if ( *_t388 == _t202) goto 0x8ec79de0;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t388);
                                                                                                                                                              				 *_t388 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				if ((sil & 0x00000008) != 0) goto 0x8ec79dfc;
                                                                                                                                                              				_t389 = _t402[1];
                                                                                                                                                              				 *_t402 = _t416;
                                                                                                                                                              				if (_t389 == 0) goto 0x8ec79df5;
                                                                                                                                                              				 *_t389 = _t416;
                                                                                                                                                              				goto 0x8ec79e80;
                                                                                                                                                              				r8d = 0x80000000;
                                                                                                                                                              				_t114 = _t413 - 1; // -1
                                                                                                                                                              				r9d = _t114;
                                                                                                                                                              				if ((sil & 0x00000004) != 0) goto 0x8ec79e24;
                                                                                                                                                              				if ((sil & 0x00000001) == 0) goto 0x8ec79e67;
                                                                                                                                                              				if ((sil & 0x00000002) == 0) goto 0x8ec79e1f;
                                                                                                                                                              				if (_t265 - r8d <= 0) goto 0x8ec79e6d;
                                                                                                                                                              				goto 0x8ec79e24;
                                                                                                                                                              				if (_t265 - r9d <= 0) goto 0x8ec79e6f;
                                                                                                                                                              				 *((char*)(_t423 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t423 + 0x2c)) = 0x22;
                                                                                                                                                              				if ((_t262 & 0x00000001) != 0) goto 0x8ec79e3f;
                                                                                                                                                              				goto 0x8ec79e6f;
                                                                                                                                                              				_t399 = _t402[1];
                                                                                                                                                              				if ((_t262 & 0x00000002) == 0) goto 0x8ec79e57;
                                                                                                                                                              				if (_t399 == 0) goto 0x8ec79e52;
                                                                                                                                                              				 *_t399 =  *_t402;
                                                                                                                                                              				goto 0x8ec79e80;
                                                                                                                                                              				if (_t399 == 0) goto 0x8ec79e62;
                                                                                                                                                              				 *_t399 =  *_t402;
                                                                                                                                                              				goto 0x8ec79e80;
                                                                                                                                                              				if ((sil & 0x00000002) == 0) goto 0x8ec79e6f;
                                                                                                                                                              				_t400 = _t402[1];
                                                                                                                                                              				if (_t400 == 0) goto 0x8ec79e7e;
                                                                                                                                                              				 *_t400 =  *_t402;
                                                                                                                                                              				return  ~(_t265 | 0xffffffff);
                                                                                                                                                              			}










































                                                                                                                                                              0x7ff78ec79b86
                                                                                                                                                              0x7ff78ec79b8c
                                                                                                                                                              0x7ff78ec79b93
                                                                                                                                                              0x7ff78ec79b9d
                                                                                                                                                              0x7ff78ec79ba5
                                                                                                                                                              0x7ff78ec79bae
                                                                                                                                                              0x7ff78ec79bb8
                                                                                                                                                              0x7ff78ec79bc6
                                                                                                                                                              0x7ff78ec79bce
                                                                                                                                                              0x7ff78ec79bd7
                                                                                                                                                              0x7ff78ec79be5
                                                                                                                                                              0x7ff78ec79bed
                                                                                                                                                              0x7ff78ec79bf6
                                                                                                                                                              0x7ff78ec79c04
                                                                                                                                                              0x7ff78ec79c0c
                                                                                                                                                              0x7ff78ec79c19
                                                                                                                                                              0x7ff78ec79c1f
                                                                                                                                                              0x7ff78ec79c25
                                                                                                                                                              0x7ff78ec79c2c
                                                                                                                                                              0x7ff78ec79c39
                                                                                                                                                              0x7ff78ec79c47
                                                                                                                                                              0x7ff78ec79c50
                                                                                                                                                              0x7ff78ec79c5b
                                                                                                                                                              0x7ff78ec79c64
                                                                                                                                                              0x7ff78ec79c6f
                                                                                                                                                              0x7ff78ec79c78
                                                                                                                                                              0x7ff78ec79c83
                                                                                                                                                              0x7ff78ec79c8c
                                                                                                                                                              0x7ff78ec79c97
                                                                                                                                                              0x7ff78ec79ca0
                                                                                                                                                              0x7ff78ec79cab
                                                                                                                                                              0x7ff78ec79cb8
                                                                                                                                                              0x7ff78ec79cc3
                                                                                                                                                              0x7ff78ec79cd0
                                                                                                                                                              0x7ff78ec79cd7
                                                                                                                                                              0x7ff78ec79ce4
                                                                                                                                                              0x7ff78ec79ceb
                                                                                                                                                              0x7ff78ec79cf8
                                                                                                                                                              0x7ff78ec79cff
                                                                                                                                                              0x7ff78ec79d0c
                                                                                                                                                              0x7ff78ec79d13
                                                                                                                                                              0x7ff78ec79d2a
                                                                                                                                                              0x7ff78ec79d31
                                                                                                                                                              0x7ff78ec79d3b
                                                                                                                                                              0x7ff78ec79d46
                                                                                                                                                              0x7ff78ec79d4b
                                                                                                                                                              0x7ff78ec79d51
                                                                                                                                                              0x7ff78ec79d51
                                                                                                                                                              0x7ff78ec79d54
                                                                                                                                                              0x7ff78ec79d59
                                                                                                                                                              0x7ff78ec79d5e
                                                                                                                                                              0x7ff78ec79d66
                                                                                                                                                              0x7ff78ec79d6b
                                                                                                                                                              0x7ff78ec79d71
                                                                                                                                                              0x7ff78ec79d73
                                                                                                                                                              0x7ff78ec79d7d
                                                                                                                                                              0x7ff78ec79d8e
                                                                                                                                                              0x7ff78ec79d95
                                                                                                                                                              0x7ff78ec79d9c
                                                                                                                                                              0x7ff78ec79da5
                                                                                                                                                              0x7ff78ec79da8
                                                                                                                                                              0x7ff78ec79daa
                                                                                                                                                              0x7ff78ec79daf
                                                                                                                                                              0x7ff78ec79db7
                                                                                                                                                              0x7ff78ec79db7
                                                                                                                                                              0x7ff78ec79dbb
                                                                                                                                                              0x7ff78ec79dc3
                                                                                                                                                              0x7ff78ec79dc9
                                                                                                                                                              0x7ff78ec79dce
                                                                                                                                                              0x7ff78ec79dd0
                                                                                                                                                              0x7ff78ec79dd5
                                                                                                                                                              0x7ff78ec79ddb
                                                                                                                                                              0x7ff78ec79de4
                                                                                                                                                              0x7ff78ec79de6
                                                                                                                                                              0x7ff78ec79dea
                                                                                                                                                              0x7ff78ec79df0
                                                                                                                                                              0x7ff78ec79df2
                                                                                                                                                              0x7ff78ec79df7
                                                                                                                                                              0x7ff78ec79dfc
                                                                                                                                                              0x7ff78ec79e02
                                                                                                                                                              0x7ff78ec79e02
                                                                                                                                                              0x7ff78ec79e0a
                                                                                                                                                              0x7ff78ec79e10
                                                                                                                                                              0x7ff78ec79e16
                                                                                                                                                              0x7ff78ec79e1b
                                                                                                                                                              0x7ff78ec79e1d
                                                                                                                                                              0x7ff78ec79e22
                                                                                                                                                              0x7ff78ec79e26
                                                                                                                                                              0x7ff78ec79e2e
                                                                                                                                                              0x7ff78ec79e38
                                                                                                                                                              0x7ff78ec79e3d
                                                                                                                                                              0x7ff78ec79e3f
                                                                                                                                                              0x7ff78ec79e45
                                                                                                                                                              0x7ff78ec79e4a
                                                                                                                                                              0x7ff78ec79e4f
                                                                                                                                                              0x7ff78ec79e55
                                                                                                                                                              0x7ff78ec79e5a
                                                                                                                                                              0x7ff78ec79e5f
                                                                                                                                                              0x7ff78ec79e65
                                                                                                                                                              0x7ff78ec79e6b
                                                                                                                                                              0x7ff78ec79e6f
                                                                                                                                                              0x7ff78ec79e76
                                                                                                                                                              0x7ff78ec79e7b
                                                                                                                                                              0x7ff78ec79e9a

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: 0$f$p$p
                                                                                                                                                              • API String ID: 3215553584-1202675169
                                                                                                                                                              • Opcode ID: be5fa115a8b52a4824b37adbae4d10183e050eaabf8b896c07a19f058a599ef8
                                                                                                                                                              • Instruction ID: 5181efecd6302c03c9b5ccf0879e85ceb472aef5fa44b37db31e244985936d18
                                                                                                                                                              • Opcode Fuzzy Hash: be5fa115a8b52a4824b37adbae4d10183e050eaabf8b896c07a19f058a599ef8
                                                                                                                                                              • Instruction Fuzzy Hash: BF12A331E0D14386FBA07A9DD8446BAF691FB90B94FE94131E6994B6C4DF3CE990C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                              			E00007FF77FF78EC6CEC0(void* __ebx, intOrPtr __ecx, void* __edx, void* __esi, intOrPtr* __rcx, long long __rdx, long long __r8, long long __r9, void* __r10) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				signed int* _t128;
                                                                                                                                                              				void* _t145;
                                                                                                                                                              				intOrPtr _t146;
                                                                                                                                                              				intOrPtr _t154;
                                                                                                                                                              				void* _t173;
                                                                                                                                                              				intOrPtr _t177;
                                                                                                                                                              				signed int _t178;
                                                                                                                                                              				signed int _t179;
                                                                                                                                                              				void* _t210;
                                                                                                                                                              				signed long long _t220;
                                                                                                                                                              				signed long long _t221;
                                                                                                                                                              				signed long long _t227;
                                                                                                                                                              				long long _t229;
                                                                                                                                                              				signed int _t236;
                                                                                                                                                              				intOrPtr* _t237;
                                                                                                                                                              				intOrPtr* _t238;
                                                                                                                                                              				signed long long _t247;
                                                                                                                                                              				long long _t268;
                                                                                                                                                              				signed int* _t281;
                                                                                                                                                              				long long _t282;
                                                                                                                                                              				void* _t283;
                                                                                                                                                              				void* _t284;
                                                                                                                                                              				signed long long _t285;
                                                                                                                                                              				long long _t297;
                                                                                                                                                              				signed int _t308;
                                                                                                                                                              				unsigned long long _t314;
                                                                                                                                                              
                                                                                                                                                              				_t180 = __edx;
                                                                                                                                                              				_t283 = _t284 - 0x28;
                                                                                                                                                              				_t285 = _t284 - 0x128;
                                                                                                                                                              				_t220 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t221 = _t220 ^ _t285;
                                                                                                                                                              				 *(_t283 + 0x10) = _t221;
                                                                                                                                                              				_t281 =  *((intOrPtr*)(_t283 + 0x90));
                                                                                                                                                              				_t308 =  *((intOrPtr*)(_t283 + 0xa8));
                                                                                                                                                              				 *((long long*)(_t285 + 0x68)) = __r8;
                                                                                                                                                              				_t237 = __rcx;
                                                                                                                                                              				 *((long long*)(_t285 + 0x78)) = __rdx;
                                                                                                                                                              				 *(_t283 - 0x68) = _t308;
                                                                                                                                                              				 *((char*)(_t285 + 0x60)) = 0;
                                                                                                                                                              				_t282 = __r9;
                                                                                                                                                              				_t128 = E00007FF77FF78EC6DE20(__ebx, __ecx, __esi, _t221, __rcx, __rdx, __r9, __r9, _t283, _t281, __r9);
                                                                                                                                                              				r14d = _t128;
                                                                                                                                                              				if (_t128 - 0xffffffff < 0) goto 0x8ec6d38f;
                                                                                                                                                              				if (_t128 - _t281[1] >= 0) goto 0x8ec6d38f;
                                                                                                                                                              				if ( *_t237 != 0xe06d7363) goto 0x8ec6d00c;
                                                                                                                                                              				if ( *((intOrPtr*)(_t237 + 0x18)) != 4) goto 0x8ec6d00c;
                                                                                                                                                              				if ( *((intOrPtr*)(_t237 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8ec6d00c;
                                                                                                                                                              				if ( *((long long*)(_t237 + 0x30)) != 0) goto 0x8ec6d00c;
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t221);
                                                                                                                                                              				if ( *((long long*)(_t221 + 0x20)) == 0) goto 0x8ec6d328;
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t221);
                                                                                                                                                              				_t238 =  *((intOrPtr*)(_t221 + 0x20));
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t221);
                                                                                                                                                              				 *((char*)(_t285 + 0x60)) = 1;
                                                                                                                                                              				 *((long long*)(_t285 + 0x68)) =  *((intOrPtr*)(_t221 + 0x28));
                                                                                                                                                              				E00007FF77FF78EC6C980(_t221,  *((intOrPtr*)(_t238 + 0x38)));
                                                                                                                                                              				if ( *_t238 != 0xe06d7363) goto 0x8ec6cfc4;
                                                                                                                                                              				if ( *((intOrPtr*)(_t238 + 0x18)) != 4) goto 0x8ec6cfc4;
                                                                                                                                                              				if ( *((intOrPtr*)(_t238 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8ec6cfc4;
                                                                                                                                                              				if ( *((long long*)(_t238 + 0x30)) == 0) goto 0x8ec6d38f;
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t221);
                                                                                                                                                              				if ( *(_t221 + 0x38) == 0) goto 0x8ec6d00c;
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t221);
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t221);
                                                                                                                                                              				 *(_t221 + 0x38) =  *(_t221 + 0x38) & 0x00000000;
                                                                                                                                                              				if (E00007FF77FF78EC6DEB8(__ebx, __ecx, __edx, __esi, _t221, _t238, _t238,  *(_t221 + 0x38), __r9) != 0) goto 0x8ec6d007;
                                                                                                                                                              				if (E00007FF77FF78EC6DFA8(_t221, _t238,  *(_t221 + 0x38), __r9, _t283) == 0) goto 0x8ec6d36c;
                                                                                                                                                              				goto 0x8ec6d348;
                                                                                                                                                              				 *((long long*)(_t283 - 0x40)) =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                              				 *(_t283 - 0x48) = _t281;
                                                                                                                                                              				if ( *_t238 != 0xe06d7363) goto 0x8ec6d2df;
                                                                                                                                                              				if ( *((intOrPtr*)(_t238 + 0x18)) != 4) goto 0x8ec6d2df;
                                                                                                                                                              				if ( *((intOrPtr*)(_t238 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8ec6d2df;
                                                                                                                                                              				r15d = 0;
                                                                                                                                                              				if (_t281[3] - r15d <= 0) goto 0x8ec6d210;
                                                                                                                                                              				 *(_t285 + 0x28) =  *(_t283 + 0xa0);
                                                                                                                                                              				 *(_t285 + 0x20) = _t281;
                                                                                                                                                              				r8d = r14d;
                                                                                                                                                              				_t145 = E00007FF77FF78EC6C66C( *((intOrPtr*)(__r9 + 8)), _t238, _t283 - 0x28, _t283 - 0x48, __r9, _t283, _t281, __r9, __r10);
                                                                                                                                                              				asm("movups xmm0, [ebp-0x28]");
                                                                                                                                                              				asm("movdqu [ebp-0x38], xmm0");
                                                                                                                                                              				asm("psrldq xmm0, 0x8");
                                                                                                                                                              				asm("movd eax, xmm0");
                                                                                                                                                              				if (_t145 -  *((intOrPtr*)(_t283 - 0x10)) >= 0) goto 0x8ec6d210;
                                                                                                                                                              				_t297 =  *((intOrPtr*)(_t283 - 0x28));
                                                                                                                                                              				r13d =  *((intOrPtr*)(_t283 - 0x30));
                                                                                                                                                              				 *((long long*)(_t283 - 0x80)) = _t297;
                                                                                                                                                              				_t146 = r13d;
                                                                                                                                                              				asm("inc ecx");
                                                                                                                                                              				 *((intOrPtr*)(_t283 - 0x50)) = __ecx;
                                                                                                                                                              				asm("movd eax, xmm0");
                                                                                                                                                              				asm("movups [ebp-0x60], xmm0");
                                                                                                                                                              				if (_t146 - r14d > 0) goto 0x8ec6d203;
                                                                                                                                                              				_t227 =  *(_t283 - 0x60) >> 0x20;
                                                                                                                                                              				if (r14d - _t146 > 0) goto 0x8ec6d203;
                                                                                                                                                              				r12d = r15d;
                                                                                                                                                              				_t268 =  *((intOrPtr*)( *((intOrPtr*)( *( *(_t283 - 0x38)) + 0x10)) + ( *( *(_t283 - 0x38)) +  *( *(_t283 - 0x38)) * 4) * 4 +  *((intOrPtr*)(_t297 + 8)) + 0x10)) +  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                              				_t314 =  *(_t283 - 0x58) >> 0x20;
                                                                                                                                                              				 *((long long*)(_t283 - 0x70)) = _t268;
                                                                                                                                                              				if (r15d == 0) goto 0x8ec6d1f0;
                                                                                                                                                              				_t247 = _t227 + _t227 * 4;
                                                                                                                                                              				asm("movups xmm0, [edx+ecx*4]");
                                                                                                                                                              				asm("movups [ebp-0x8], xmm0");
                                                                                                                                                              				_t59 = _t247 * 4; // 0x48ccccc35f40c483
                                                                                                                                                              				 *((intOrPtr*)(_t283 + 8)) =  *((intOrPtr*)(_t268 + _t59 + 0x10));
                                                                                                                                                              				E00007FF77FF78EC6C954(_t227);
                                                                                                                                                              				_t229 = _t227 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t238 + 0x30)) + 0xc));
                                                                                                                                                              				 *((long long*)(_t285 + 0x70)) = _t229;
                                                                                                                                                              				E00007FF77FF78EC6C954(_t229);
                                                                                                                                                              				_t177 =  *((intOrPtr*)(_t229 +  *((intOrPtr*)( *((intOrPtr*)(_t238 + 0x30)) + 0xc))));
                                                                                                                                                              				 *((intOrPtr*)(_t285 + 0x64)) = _t177;
                                                                                                                                                              				if (_t177 <= 0) goto 0x8ec6d180;
                                                                                                                                                              				E00007FF77FF78EC6C954(_t229);
                                                                                                                                                              				 *((long long*)(_t283 - 0x78)) = _t229 +  *((intOrPtr*)( *((intOrPtr*)(_t285 + 0x70))));
                                                                                                                                                              				if (E00007FF77FF78EC6D5B4(__ebx, _t177, _t238, _t283 - 8, _t229 +  *((intOrPtr*)( *((intOrPtr*)(_t285 + 0x70)))), _t281, __r9,  *((intOrPtr*)(_t238 + 0x30))) != 0) goto 0x8ec6d191;
                                                                                                                                                              				 *((long long*)(_t285 + 0x70)) =  *((long long*)(_t285 + 0x70)) + 4;
                                                                                                                                                              				_t154 =  *((intOrPtr*)(_t285 + 0x64)) - 1;
                                                                                                                                                              				 *((intOrPtr*)(_t285 + 0x64)) = _t154;
                                                                                                                                                              				if (_t154 > 0) goto 0x8ec6d144;
                                                                                                                                                              				r12d = r12d + 1;
                                                                                                                                                              				if (r12d == r15d) goto 0x8ec6d1f7;
                                                                                                                                                              				goto 0x8ec6d0fd;
                                                                                                                                                              				 *((char*)(_t285 + 0x58)) =  *((intOrPtr*)(_t283 + 0x98));
                                                                                                                                                              				 *(_t285 + 0x50) =  *((intOrPtr*)(_t285 + 0x60));
                                                                                                                                                              				 *((long long*)(_t285 + 0x48)) =  *(_t283 - 0x68);
                                                                                                                                                              				 *(_t285 + 0x40) =  *(_t283 + 0xa0);
                                                                                                                                                              				 *(_t285 + 0x38) = _t283 - 0x60;
                                                                                                                                                              				 *(_t285 + 0x30) =  *((intOrPtr*)(_t283 - 0x78));
                                                                                                                                                              				 *(_t285 + 0x28) = _t283 - 8;
                                                                                                                                                              				 *(_t285 + 0x20) = _t281;
                                                                                                                                                              				E00007FF77FF78EC6CDEC(__ebx, _t177, __esi, _t238, _t238,  *((intOrPtr*)(_t285 + 0x78)),  *((intOrPtr*)(_t285 + 0x68)), _t282);
                                                                                                                                                              				goto 0x8ec6d1fc;
                                                                                                                                                              				goto 0x8ec6d200;
                                                                                                                                                              				r15d = 0;
                                                                                                                                                              				r13d = r13d + 1;
                                                                                                                                                              				if (r13d -  *((intOrPtr*)(_t283 - 0x10)) < 0) goto 0x8ec6d095;
                                                                                                                                                              				if (( *_t281 & 0x1fffffff) - 0x19930521 < 0) goto 0x8ec6d31c;
                                                                                                                                                              				_t210 = _t281[8] - r15d;
                                                                                                                                                              				if (_t210 == 0) goto 0x8ec6d236;
                                                                                                                                                              				E00007FF77FF78EC6C940(_t283 - 8);
                                                                                                                                                              				if (_t210 != 0) goto 0x8ec6d257;
                                                                                                                                                              				if ((_t281[9] >> 0x00000002 & 0x00000001) == 0) goto 0x8ec6d31c;
                                                                                                                                                              				if (E00007FF77FF78EC6C510(_t281[9] >> 0x00000002 & 0x00000001, _t283 - 8 + _t281[8], _t282, _t281) != 0) goto 0x8ec6d31c;
                                                                                                                                                              				if ((_t281[9] >> 0x00000002 & 0x00000001) != 0) goto 0x8ec6d372;
                                                                                                                                                              				if (_t281[8] == r15d) goto 0x8ec6d27c;
                                                                                                                                                              				E00007FF77FF78EC6C940(_t283 - 8 + _t281[8]);
                                                                                                                                                              				_t236 = _t281[8];
                                                                                                                                                              				goto 0x8ec6d27f;
                                                                                                                                                              				if (E00007FF77FF78EC6DEB8(__ebx, _t177, _t180, __esi, _t236, _t238, _t238, _t314, _t282) != 0) goto 0x8ec6d31c;
                                                                                                                                                              				E00007FF77FF78EC6C5A0(_t177, _t236, _t238,  *((intOrPtr*)(_t285 + 0x78)), _t282, _t283, _t281, _t283 - 0x78);
                                                                                                                                                              				_t178 =  *((intOrPtr*)(_t283 + 0x98));
                                                                                                                                                              				 *(_t285 + 0x50) = _t178;
                                                                                                                                                              				_t179 = _t178 | 0xffffffff;
                                                                                                                                                              				 *((long long*)(_t285 + 0x48)) = _t282;
                                                                                                                                                              				 *(_t285 + 0x40) = _t314;
                                                                                                                                                              				 *(_t285 + 0x38) = _t179;
                                                                                                                                                              				 *(_t285 + 0x30) = _t179;
                                                                                                                                                              				 *(_t285 + 0x28) = _t281;
                                                                                                                                                              				 *(_t285 + 0x20) = _t314;
                                                                                                                                                              				E00007FF77FF78EC6C7AC( *((intOrPtr*)(_t285 + 0x78)), _t238,  *((intOrPtr*)(_t285 + 0x68)), _t236);
                                                                                                                                                              				goto 0x8ec6d31c;
                                                                                                                                                              				if (_t281[3] <= 0) goto 0x8ec6d31c;
                                                                                                                                                              				if ( *((char*)(_t283 + 0x98)) != 0) goto 0x8ec6d38f;
                                                                                                                                                              				 *(_t285 + 0x38) = _t308;
                                                                                                                                                              				 *(_t285 + 0x30) =  *(_t283 + 0xa0);
                                                                                                                                                              				 *(_t285 + 0x28) = r14d;
                                                                                                                                                              				 *(_t285 + 0x20) = _t281;
                                                                                                                                                              				E00007FF77FF78EC6D398(_t238, _t238,  *((intOrPtr*)(_t285 + 0x78)), _t314, _t282);
                                                                                                                                                              				_t173 = E00007FF77FF78EC6BFB0(_t236);
                                                                                                                                                              				if ( *((long long*)(_t236 + 0x38)) != 0) goto 0x8ec6d38f;
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t173, _t179,  *(_t283 + 0x10) ^ _t285);
                                                                                                                                                              			}

































                                                                                                                                                              0x7ff78ec6cfa4
                                                                                                                                                              0x7ff78ec6cfaa
                                                                                                                                                              0x7ff78ec6cfb7
                                                                                                                                                              0x7ff78ec6cfbe
                                                                                                                                                              0x7ff78ec6cfc4
                                                                                                                                                              0x7ff78ec6cfce
                                                                                                                                                              0x7ff78ec6cfd0
                                                                                                                                                              0x7ff78ec6cfd9
                                                                                                                                                              0x7ff78ec6cfe4
                                                                                                                                                              0x7ff78ec6cff0
                                                                                                                                                              0x7ff78ec6cffc
                                                                                                                                                              0x7ff78ec6d002
                                                                                                                                                              0x7ff78ec6d010
                                                                                                                                                              0x7ff78ec6d014
                                                                                                                                                              0x7ff78ec6d01e
                                                                                                                                                              0x7ff78ec6d028
                                                                                                                                                              0x7ff78ec6d039
                                                                                                                                                              0x7ff78ec6d03f
                                                                                                                                                              0x7ff78ec6d046
                                                                                                                                                              0x7ff78ec6d056
                                                                                                                                                              0x7ff78ec6d061
                                                                                                                                                              0x7ff78ec6d066
                                                                                                                                                              0x7ff78ec6d069
                                                                                                                                                              0x7ff78ec6d06e
                                                                                                                                                              0x7ff78ec6d072
                                                                                                                                                              0x7ff78ec6d077
                                                                                                                                                              0x7ff78ec6d07c
                                                                                                                                                              0x7ff78ec6d083
                                                                                                                                                              0x7ff78ec6d089
                                                                                                                                                              0x7ff78ec6d08d
                                                                                                                                                              0x7ff78ec6d091
                                                                                                                                                              0x7ff78ec6d0a0
                                                                                                                                                              0x7ff78ec6d0af
                                                                                                                                                              0x7ff78ec6d0b9
                                                                                                                                                              0x7ff78ec6d0bc
                                                                                                                                                              0x7ff78ec6d0c0
                                                                                                                                                              0x7ff78ec6d0c7
                                                                                                                                                              0x7ff78ec6d0d1
                                                                                                                                                              0x7ff78ec6d0d8
                                                                                                                                                              0x7ff78ec6d0de
                                                                                                                                                              0x7ff78ec6d0e4
                                                                                                                                                              0x7ff78ec6d0ec
                                                                                                                                                              0x7ff78ec6d0f0
                                                                                                                                                              0x7ff78ec6d0f7
                                                                                                                                                              0x7ff78ec6d100
                                                                                                                                                              0x7ff78ec6d104
                                                                                                                                                              0x7ff78ec6d108
                                                                                                                                                              0x7ff78ec6d10c
                                                                                                                                                              0x7ff78ec6d110
                                                                                                                                                              0x7ff78ec6d113
                                                                                                                                                              0x7ff78ec6d124
                                                                                                                                                              0x7ff78ec6d127
                                                                                                                                                              0x7ff78ec6d12c
                                                                                                                                                              0x7ff78ec6d139
                                                                                                                                                              0x7ff78ec6d13c
                                                                                                                                                              0x7ff78ec6d142
                                                                                                                                                              0x7ff78ec6d144
                                                                                                                                                              0x7ff78ec6d15f
                                                                                                                                                              0x7ff78ec6d16a
                                                                                                                                                              0x7ff78ec6d170
                                                                                                                                                              0x7ff78ec6d176
                                                                                                                                                              0x7ff78ec6d178
                                                                                                                                                              0x7ff78ec6d17e
                                                                                                                                                              0x7ff78ec6d180
                                                                                                                                                              0x7ff78ec6d186
                                                                                                                                                              0x7ff78ec6d18c
                                                                                                                                                              0x7ff78ec6d1aa
                                                                                                                                                              0x7ff78ec6d1b2
                                                                                                                                                              0x7ff78ec6d1ba
                                                                                                                                                              0x7ff78ec6d1c5
                                                                                                                                                              0x7ff78ec6d1cd
                                                                                                                                                              0x7ff78ec6d1d6
                                                                                                                                                              0x7ff78ec6d1df
                                                                                                                                                              0x7ff78ec6d1e4
                                                                                                                                                              0x7ff78ec6d1e9
                                                                                                                                                              0x7ff78ec6d1ee
                                                                                                                                                              0x7ff78ec6d1f5
                                                                                                                                                              0x7ff78ec6d200
                                                                                                                                                              0x7ff78ec6d203
                                                                                                                                                              0x7ff78ec6d20a
                                                                                                                                                              0x7ff78ec6d21c
                                                                                                                                                              0x7ff78ec6d222
                                                                                                                                                              0x7ff78ec6d226
                                                                                                                                                              0x7ff78ec6d228
                                                                                                                                                              0x7ff78ec6d234
                                                                                                                                                              0x7ff78ec6d23e
                                                                                                                                                              0x7ff78ec6d251
                                                                                                                                                              0x7ff78ec6d25f
                                                                                                                                                              0x7ff78ec6d269
                                                                                                                                                              0x7ff78ec6d26b
                                                                                                                                                              0x7ff78ec6d273
                                                                                                                                                              0x7ff78ec6d27a
                                                                                                                                                              0x7ff78ec6d289
                                                                                                                                                              0x7ff78ec6d29c
                                                                                                                                                              0x7ff78ec6d2a1
                                                                                                                                                              0x7ff78ec6d2b2
                                                                                                                                                              0x7ff78ec6d2b6
                                                                                                                                                              0x7ff78ec6d2b9
                                                                                                                                                              0x7ff78ec6d2be
                                                                                                                                                              0x7ff78ec6d2c3
                                                                                                                                                              0x7ff78ec6d2c7
                                                                                                                                                              0x7ff78ec6d2ce
                                                                                                                                                              0x7ff78ec6d2d3
                                                                                                                                                              0x7ff78ec6d2d8
                                                                                                                                                              0x7ff78ec6d2dd
                                                                                                                                                              0x7ff78ec6d2e3
                                                                                                                                                              0x7ff78ec6d2ec
                                                                                                                                                              0x7ff78ec6d2fb
                                                                                                                                                              0x7ff78ec6d303
                                                                                                                                                              0x7ff78ec6d30a
                                                                                                                                                              0x7ff78ec6d312
                                                                                                                                                              0x7ff78ec6d317
                                                                                                                                                              0x7ff78ec6d31c
                                                                                                                                                              0x7ff78ec6d326
                                                                                                                                                              0x7ff78ec6d347

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                                                              • Opcode ID: 9c44b781d01f847bcb91b9371ef1ba7e9eee49312ea6e47aa49feb91334e90b1
                                                                                                                                                              • Instruction ID: b88c00210c964f36bedc614ab8fd01eb0c0d77fa9fb1cbbc4062b9bee265ecab
                                                                                                                                                              • Opcode Fuzzy Hash: 9c44b781d01f847bcb91b9371ef1ba7e9eee49312ea6e47aa49feb91334e90b1
                                                                                                                                                              • Instruction Fuzzy Hash: 6DE17172E0C74186EB60BFA5D4402AEBBA0FB45798FA00139EE4D57BA5CF38E490C711
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFC60F72D60: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFC60FB3A07,?,?,?,?,00007FFC60F7720A,?,?,?,00007FFC60F7A5D3,?,?,?), ref: 00007FFC60F72D6A
                                                                                                                                                                • Part of subcall function 00007FFC60F72D60: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFC60FB3A07,?,?,?,?,00007FFC60F7720A,?,?,?,00007FFC60F7A5D3,?,?,?), ref: 00007FFC60F72DB0
                                                                                                                                                                • Part of subcall function 00007FFC61014000: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FFC61014040
                                                                                                                                                              • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFC610143A7
                                                                                                                                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFC610143B3
                                                                                                                                                              • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFC610143F3
                                                                                                                                                              • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFC61014442
                                                                                                                                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFC6101444F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$FullNamePath$CurrentDirectory
                                                                                                                                                              • String ID: .$:
                                                                                                                                                              • API String ID: 3092725408-4202072812
                                                                                                                                                              • Opcode ID: c77f8f494e53075103f17f0137dc06d52f872a3f8c92b5311fda1d3e3cde12f6
                                                                                                                                                              • Instruction ID: d64721ebe82f09ac621f6eafa5a17d262888a81323ab46e57ae9379edaa398e8
                                                                                                                                                              • Opcode Fuzzy Hash: c77f8f494e53075103f17f0137dc06d52f872a3f8c92b5311fda1d3e3cde12f6
                                                                                                                                                              • Instruction Fuzzy Hash: 64512E21F4C62AD6FF109BE0D8521BD26A4BF54F6AF414035DE0EA77A5DF3CA441C221
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC667BF
                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC6680F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                              • API String ID: 626452242-27947307
                                                                                                                                                              • Opcode ID: 3848853219dd32686661a30b649d9675e21fb664c1501530f4579d426f527213
                                                                                                                                                              • Instruction ID: 33001a4c4e775a1a0d4f7c38d1fce903621974917798da731d46a2e4635a9118
                                                                                                                                                              • Opcode Fuzzy Hash: 3848853219dd32686661a30b649d9675e21fb664c1501530f4579d426f527213
                                                                                                                                                              • Instruction Fuzzy Hash: B941D432E08B8281E660EF95F84056AF7A4FB98790FA44139DE9E47BA4DF3CE451C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: NameName::$Name::doName::operator+Pchar
                                                                                                                                                              • String ID: `non-type-template-parameter
                                                                                                                                                              • API String ID: 3026640183-4247534891
                                                                                                                                                              • Opcode ID: 7324edd943b72a8c1819aec07d8f5cf618c6165273857df94478cefcc2cd1b86
                                                                                                                                                              • Instruction ID: 21bae0bd9dadda1e92acdf8342c56b4abd1b983c8e70c5f5610e678c0e7d84d4
                                                                                                                                                              • Opcode Fuzzy Hash: 7324edd943b72a8c1819aec07d8f5cf618c6165273857df94478cefcc2cd1b86
                                                                                                                                                              • Instruction Fuzzy Hash: BB417921A4C7BAC5EB00CB19D5822BD33A5BB84B85F964035DE4D67B85DF28F826C321
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PyBytes_FromStringAndSize.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60881BAB
                                                                                                                                                              • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60881BF3
                                                                                                                                                              • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60881C0A
                                                                                                                                                              • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60881C4C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Dealloc$Bytes_FromSizeStringmemmove
                                                                                                                                                              • String ID: Unable to allocate output buffer.
                                                                                                                                                              • API String ID: 3327154725-2565006440
                                                                                                                                                              • Opcode ID: b2c337b816ccc6d24d9c4967f94851febe0e79588dcba133aa9e25610ccb9eb1
                                                                                                                                                              • Instruction ID: 6d4c7c567940a5bd214929bf2a6d1797c6aa9bfc7f2cc9bd7f55aa1d94a1f818
                                                                                                                                                              • Opcode Fuzzy Hash: b2c337b816ccc6d24d9c4967f94851febe0e79588dcba133aa9e25610ccb9eb1
                                                                                                                                                              • Instruction Fuzzy Hash: 15415872A8CA6AC1EE15CF12D8442A967A5FB4CFE4F1A4432DE2D27754DF38E499C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E00007FF77FF78EC66090(void* __ebx, void* __ecx, long long __rbx, void* __rcx, long long _a16, void* _a20, void* _a28, void* _a36, void* _a44, void* _a52, void* _a60, void* _a68, intOrPtr _a72, void* _a76, void* _a84, void* _a92, void* _a100, void* _a132, void* _a140, void* _a192, intOrPtr _a196, void* _a212, void* _a220, void* _a228, void* _a244, char _a248, signed int _a8440, void* _a8476) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              				void* _t42;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				void* _t48;
                                                                                                                                                              				void* _t81;
                                                                                                                                                              				signed long long _t82;
                                                                                                                                                              				signed long long _t83;
                                                                                                                                                              				long long _t104;
                                                                                                                                                              				void* _t105;
                                                                                                                                                              				void* _t106;
                                                                                                                                                              				void* _t107;
                                                                                                                                                              				signed long long _t108;
                                                                                                                                                              				void* _t110;
                                                                                                                                                              				void* _t112;
                                                                                                                                                              				void* _t113;
                                                                                                                                                              				void* _t114;
                                                                                                                                                              				void* _t115;
                                                                                                                                                              
                                                                                                                                                              				_t86 = __rbx;
                                                                                                                                                              				_a16 = __rbx;
                                                                                                                                                              				_t37 = E00007FF77FF78EC6A070(0x2110, _t81, _t113, _t114);
                                                                                                                                                              				_t108 = _t107 - _t81;
                                                                                                                                                              				_t82 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t83 = _t82 ^ _t108;
                                                                                                                                                              				_a8440 = _t83;
                                                                                                                                                              				_t100 = __rcx;
                                                                                                                                                              				_a72 = 0;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				E00007FF77FF78EC66D10(_t37, __rbx,  &_a248, __rcx, _t105, _t110);
                                                                                                                                                              				E00007FF77FF78EC77248(_t86,  &_a248, _t100, _t104, _t106, _t115);
                                                                                                                                                              				E00007FF77FF78EC77248(_t86,  &_a248, _t100, _t104, _t106, _t115);
                                                                                                                                                              				E00007FF77FF78EC77248(_t86,  &_a248, _t100, _t104, _t106, _t115);
                                                                                                                                                              				_t42 = E00007FF77FF78EC77248(_t86,  &_a248, _t100, _t104, _t106, _t115);
                                                                                                                                                              				 *((intOrPtr*)(_t108 + 0x58)) = 0x18;
                                                                                                                                                              				 *((long long*)(_t108 + 0x60)) = _t104;
                                                                                                                                                              				 *((intOrPtr*)(_t108 + 0x68)) = 1;
                                                                                                                                                              				GetStartupInfoW(??);
                                                                                                                                                              				asm("xorps xmm0, xmm0");
                                                                                                                                                              				 *((long long*)(_t108 + 0x98)) = _t104;
                                                                                                                                                              				asm("movdqa [esp+0xa0], xmm0");
                                                                                                                                                              				_a196 = 0x101;
                                                                                                                                                              				 *((short*)(_t108 + 0xd0)) = 1;
                                                                                                                                                              				E00007FF77FF78EC740B0(_t42, _t108 + 0x90);
                                                                                                                                                              				_t45 = E00007FF77FF78EC76DDC(E00007FF77FF78EC79634(_t83, _t83), _t83, _t83);
                                                                                                                                                              				 *(_t108 + 0xe0) = _t83;
                                                                                                                                                              				E00007FF77FF78EC740B0(_t45, _t83);
                                                                                                                                                              				_t48 = E00007FF77FF78EC76DDC(E00007FF77FF78EC79634(_t83, _t83), _t83, _t83);
                                                                                                                                                              				 *(_t108 + 0xe8) = _t83;
                                                                                                                                                              				E00007FF77FF78EC740B0(_t48, _t83);
                                                                                                                                                              				E00007FF77FF78EC76DDC(E00007FF77FF78EC79634(_t83, _t83), _t83, _t83);
                                                                                                                                                              				 *(_t108 + 0xf0) = _t83;
                                                                                                                                                              				GetCommandLineW();
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				 *((long long*)(_t108 + 0x48)) = _t108 + 0x70;
                                                                                                                                                              				 *((long long*)(_t108 + 0x40)) = _t108 + 0x90;
                                                                                                                                                              				 *((long long*)(_t108 + 0x38)) = _t104;
                                                                                                                                                              				 *((long long*)(_t108 + 0x30)) = _t104;
                                                                                                                                                              				 *((intOrPtr*)(_t108 + 0x28)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(_t108 + 0x20)) = 1;
                                                                                                                                                              				if (CreateProcessW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??) == 0) goto 0x8ec66211;
                                                                                                                                                              				WaitForSingleObject(??, ??);
                                                                                                                                                              				GetExitCodeProcess(??, ??);
                                                                                                                                                              				goto 0x8ec66229;
                                                                                                                                                              				E00007FF77FF78EC61CB0("CreateProcessW", "Error creating child process!\n", _t108 + 0x58, _t112);
                                                                                                                                                              				return E00007FF77FF78EC6A040(0xffffffff, _t50, _a8440 ^ _t108);
                                                                                                                                                              			}






















                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF78EC66D10: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC66D4A
                                                                                                                                                                • Part of subcall function 00007FF78EC77248: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF78EC796D4), ref: 00007FF78EC772B5
                                                                                                                                                                • Part of subcall function 00007FF78EC77248: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF78EC796D4), ref: 00007FF78EC772C8
                                                                                                                                                              • GetStartupInfoW.KERNEL32 ref: 00007FF78EC66117
                                                                                                                                                                • Part of subcall function 00007FF78EC79634: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC79648
                                                                                                                                                                • Part of subcall function 00007FF78EC76DDC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC76E43
                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 00007FF78EC6619F
                                                                                                                                                              • CreateProcessW.KERNEL32 ref: 00007FF78EC661E1
                                                                                                                                                              • WaitForSingleObject.KERNEL32 ref: 00007FF78EC661F5
                                                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 00007FF78EC66205
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                                                                                                                                                              • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                              • API String ID: 1742298069-3524285272
                                                                                                                                                              • Opcode ID: c673b127a98fe03c46a0241813f28fc8a42582bf15c2075413a1e450d21bf17c
                                                                                                                                                              • Instruction ID: 7cbd434196ad279ae38632431b95ee9182d37c95c03f158c873c0d2124bb22a1
                                                                                                                                                              • Opcode Fuzzy Hash: c673b127a98fe03c46a0241813f28fc8a42582bf15c2075413a1e450d21bf17c
                                                                                                                                                              • Instruction Fuzzy Hash: 74412132E0868186D710FBA4E8552AEF3A0FB94350FA04139EA9E47B95DF7CD454CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PyErr_SetString.PYTHON310(?,?,?,00007FFC60884617,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60885BA8
                                                                                                                                                              • PyBytes_FromStringAndSize.PYTHON310(?,?,?,00007FFC60884617,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60885C0B
                                                                                                                                                              • PyList_Append.PYTHON310(?,?,?,00007FFC60884617,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60885C1F
                                                                                                                                                              • _Py_Dealloc.PYTHON310(?,?,?,00007FFC60884617,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60885C3E
                                                                                                                                                              • _Py_Dealloc.PYTHON310(?,?,?,00007FFC60884617,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60885C51
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                                                                                                              • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                                                                                                              • API String ID: 1563898963-3455802345
                                                                                                                                                              • Opcode ID: d8c63c5357d2b3157b0801da3b373422b46111f2198d02b86258102f69710ced
                                                                                                                                                              • Instruction ID: a221d64cc9b1b8934c08e8df000f3c56e2c33b618b213b6f4d0db521a02c4e51
                                                                                                                                                              • Opcode Fuzzy Hash: d8c63c5357d2b3157b0801da3b373422b46111f2198d02b86258102f69710ced
                                                                                                                                                              • Instruction Fuzzy Hash: E4315C21B4DB6AC2EE14CF15E4840396360FF5CBA4B564631DA6E67BA1DF3CE449C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF78EC62D15,?,?,?,?,?,?), ref: 00007FF78EC66E61
                                                                                                                                                                • Part of subcall function 00007FF78EC61CB0: GetLastError.KERNEL32(?,?,00000000,00007FF78EC66864,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC61CD7
                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF78EC62D15,?,?,?,?,?,?), ref: 00007FF78EC66ED5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                              • API String ID: 1717984340-27947307
                                                                                                                                                              • Opcode ID: 3e6bc095cae6b41bdae3089501a96156399f91d7480bb189203c8cb2b631961c
                                                                                                                                                              • Instruction ID: b37569c672b51717aed4b89a0dd12f731b2836bace690b41feb9cd5e2fdc06bc
                                                                                                                                                              • Opcode Fuzzy Hash: 3e6bc095cae6b41bdae3089501a96156399f91d7480bb189203c8cb2b631961c
                                                                                                                                                              • Instruction Fuzzy Hash: D5216031F08B5295E710BF96E94007AB661FB84BC0BA4413ADA5E83BA4EF3CE551C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Name::operator+=$Decorator::getNameName::operator+$Name::Name::operator=ScopeScoped
                                                                                                                                                              • String ID: void
                                                                                                                                                              • API String ID: 3176039966-3531332078
                                                                                                                                                              • Opcode ID: 720f34a673e5e0285af4e5d5fa9c7a92715189caa0cb8476876aa2ef7ccb2b61
                                                                                                                                                              • Instruction ID: 5cca6c571e3de95371b382fd5b03105fea6849fcbf425ac2551d14d1232d9d69
                                                                                                                                                              • Opcode Fuzzy Hash: 720f34a673e5e0285af4e5d5fa9c7a92715189caa0cb8476876aa2ef7ccb2b61
                                                                                                                                                              • Instruction Fuzzy Hash: CE118125E9C65EC1FF208B18E4523B973A0FB55B49F414031E58D56399DF2CE945C722
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lock
                                                                                                                                                              • String ID: Already at end of stream
                                                                                                                                                              • API String ID: 2195683152-1334556646
                                                                                                                                                              • Opcode ID: 610b78c36425e94387888e0eb0d0227e5d8c061d21e45c2bb65a584014ab6b6c
                                                                                                                                                              • Instruction ID: 8c4497603744d744523e4eb682646125d21f47db243320967f1e125beae909ca
                                                                                                                                                              • Opcode Fuzzy Hash: 610b78c36425e94387888e0eb0d0227e5d8c061d21e45c2bb65a584014ab6b6c
                                                                                                                                                              • Instruction Fuzzy Hash: 3211F666B4CAA5C1EA14DB52A8441697764FB8DFC1F4A4032DE5E63B24CF38E45AC320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PyThread_acquire_lock.PYTHON310(?,?,?,00007FFC60878366), ref: 00007FFC60878E66
                                                                                                                                                              • PyThread_release_lock.PYTHON310(?,?,?,00007FFC60878366), ref: 00007FFC60878E98
                                                                                                                                                              • PyErr_SetString.PYTHON310(?,?,?,00007FFC60878366), ref: 00007FFC60878EC8
                                                                                                                                                                • Part of subcall function 00007FFC60878394: PyType_GetModuleState.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC608783CF
                                                                                                                                                                • Part of subcall function 00007FFC60878394: PyBytes_FromStringAndSize.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC608783E3
                                                                                                                                                                • Part of subcall function 00007FFC60878394: PyList_New.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC608783F9
                                                                                                                                                                • Part of subcall function 00007FFC60878394: PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC60878447
                                                                                                                                                                • Part of subcall function 00007FFC60878394: PyEval_RestoreThread.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC60878461
                                                                                                                                                              • PyEval_SaveThread.PYTHON310(?,?,?,00007FFC60878366), ref: 00007FFC608847E2
                                                                                                                                                              • PyThread_acquire_lock.PYTHON310(?,?,?,00007FFC60878366), ref: 00007FFC608847F7
                                                                                                                                                              • PyEval_RestoreThread.PYTHON310(?,?,?,00007FFC60878366), ref: 00007FFC60884800
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                                                                                                              • String ID: Compressor has been flushed
                                                                                                                                                              • API String ID: 3871537485-3904734015
                                                                                                                                                              • Opcode ID: 76a02092536e6b90f50c74551ea25ebb1e9a81e3a9609407b529f1d6e837fe11
                                                                                                                                                              • Instruction ID: 494d4a5733f74d58f5b502cddddef9f72e7d4668b7da3477e5e0d48003630aaf
                                                                                                                                                              • Opcode Fuzzy Hash: 76a02092536e6b90f50c74551ea25ebb1e9a81e3a9609407b529f1d6e837fe11
                                                                                                                                                              • Instruction Fuzzy Hash: 8B111926B8CAA6C1EA54CB12A84426D7365FB8CFC5F055031DA1E63B18CF3CE459C350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PyThread_acquire_lock.PYTHON310 ref: 00007FFC60882649
                                                                                                                                                              • PyThread_release_lock.PYTHON310 ref: 00007FFC60882686
                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 00007FFC608826B0
                                                                                                                                                                • Part of subcall function 00007FFC60878394: PyType_GetModuleState.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC608783CF
                                                                                                                                                                • Part of subcall function 00007FFC60878394: PyBytes_FromStringAndSize.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC608783E3
                                                                                                                                                                • Part of subcall function 00007FFC60878394: PyList_New.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC608783F9
                                                                                                                                                                • Part of subcall function 00007FFC60878394: PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC60878447
                                                                                                                                                                • Part of subcall function 00007FFC60878394: PyEval_RestoreThread.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC60878461
                                                                                                                                                              • PyEval_SaveThread.PYTHON310 ref: 00007FFC608859EE
                                                                                                                                                              • PyThread_acquire_lock.PYTHON310 ref: 00007FFC60885A03
                                                                                                                                                              • PyEval_RestoreThread.PYTHON310 ref: 00007FFC60885A0C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                                                                                                              • String ID: Repeated call to flush()
                                                                                                                                                              • API String ID: 3871537485-194442007
                                                                                                                                                              • Opcode ID: 11c7cc0d018cbfdb552c04568bce6ec3257365986f844ddbffb051039afbef6b
                                                                                                                                                              • Instruction ID: ffd6ade7b4db75ce39209fe168872ba8603cab7e1f91d270515e622498df505d
                                                                                                                                                              • Opcode Fuzzy Hash: 11c7cc0d018cbfdb552c04568bce6ec3257365986f844ddbffb051039afbef6b
                                                                                                                                                              • Instruction Fuzzy Hash: AE114F25B4CAAAC2E654CB26E5442797365FB8CF90F054031DA1E63B64DF3CE459C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                              			E00007FF77FF78EC6F4AC(void* __ecx, void* __edx, signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8) {
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				signed int _t134;
                                                                                                                                                              				void* _t154;
                                                                                                                                                              				void* _t184;
                                                                                                                                                              				signed short _t197;
                                                                                                                                                              				signed short _t198;
                                                                                                                                                              				signed int _t199;
                                                                                                                                                              				signed int _t248;
                                                                                                                                                              				signed int _t250;
                                                                                                                                                              				signed int _t252;
                                                                                                                                                              				signed int _t256;
                                                                                                                                                              				signed int _t259;
                                                                                                                                                              				signed short* _t373;
                                                                                                                                                              				signed short* _t374;
                                                                                                                                                              				signed short* _t376;
                                                                                                                                                              				signed short** _t377;
                                                                                                                                                              				long long _t378;
                                                                                                                                                              				long long _t380;
                                                                                                                                                              				long long* _t381;
                                                                                                                                                              				signed short* _t382;
                                                                                                                                                              				signed short* _t383;
                                                                                                                                                              				signed short** _t387;
                                                                                                                                                              				long long* _t388;
                                                                                                                                                              				long long* _t389;
                                                                                                                                                              				signed short** _t393;
                                                                                                                                                              				void* _t395;
                                                                                                                                                              				void* _t397;
                                                                                                                                                              				void* _t398;
                                                                                                                                                              				signed short* _t401;
                                                                                                                                                              				signed short* _t402;
                                                                                                                                                              				long long _t403;
                                                                                                                                                              				intOrPtr _t406;
                                                                                                                                                              				long long _t411;
                                                                                                                                                              				signed short* _t412;
                                                                                                                                                              
                                                                                                                                                              				_t400 = __r8;
                                                                                                                                                              				_t387 = __rdx;
                                                                                                                                                              				_t380 = __rcx;
                                                                                                                                                              				_t378 = __rbx;
                                                                                                                                                              				 *((long long*)(_t397 + 0x18)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t397 + 8)) = __rcx;
                                                                                                                                                              				_push(_t395);
                                                                                                                                                              				_push(_t403);
                                                                                                                                                              				_t398 = _t397 - 0x90;
                                                                                                                                                              				_t411 =  *__rdx;
                                                                                                                                                              				r12d = 0;
                                                                                                                                                              				 *((long long*)(_t398 + 0x88)) = _t411;
                                                                                                                                                              				r14d = r8d;
                                                                                                                                                              				_t393 = __rdx;
                                                                                                                                                              				if (_t411 != 0) goto 0x8ec6f4f3;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec6f525;
                                                                                                                                                              				if (r14d == 0) goto 0x8ec6f53d;
                                                                                                                                                              				_t4 = _t400 - 2; // 0xe
                                                                                                                                                              				if (_t4 - 0x22 <= 0) goto 0x8ec6f53d;
                                                                                                                                                              				 *((long long*)(_t398 + 0x28)) = _t380;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				 *((char*)(_t380 + 0x30)) = 1;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				 *(_t380 + 0x2c) = 0x16;
                                                                                                                                                              				 *((long long*)(_t398 + 0x20)) = _t403;
                                                                                                                                                              				E00007FF77FF78EC7A180(__rax, __rbx, _t380, _t387, _t393, _t395, __r8);
                                                                                                                                                              				_t381 = _t393[1];
                                                                                                                                                              				if (_t381 == 0) goto 0x8ec6fb5d;
*_t381 =  *_t393;
goto 0x8ec6fb5d;
_t382 = _t411 + 2;
_t134 = r9b & 0xffffffff;
_t258 = r12d;
 *_t387 = _t382;
_t255 =  !=  ? _t134 : _t134 | 0x00000002;
if ((0x0000fffd & _t378 - 0x0000002b) != 0) goto 0x8ec6f572;
_t197 =  *_t382 & 0x0000ffff;
_t373 =  &(_t382[1]);
 *_t393 = _t373;
 *((intOrPtr*)(_t398 + 0xd8)) = 0xa70;
 *((intOrPtr*)(_t398 + 0x30)) = 0xae6;
 *((intOrPtr*)(_t398 + 0x34)) = 0xaf0;
 *((intOrPtr*)(_t398 + 0x38)) = 0xb66;
r8d = 0x660;
 *((intOrPtr*)(_t398 + 0x3c)) = 0xb70;
_t20 = _t373 - 0x80; // 0x5e0
r9d = _t20;
 *((intOrPtr*)(_t398 + 0x40)) = 0xc66;
r10d = 0x6f0;
 *((intOrPtr*)(_t398 + 0x44)) = 0xc70;
r11d = 0x966;
 *((intOrPtr*)(_t398 + 0x48)) = 0xce6;
 *((intOrPtr*)(_t398 + 0x4c)) = 0xcf0;
 *((intOrPtr*)(_t398 + 0x50)) = 0xd66;
 *((intOrPtr*)(_t398 + 0x54)) = 0xd70;
 *((intOrPtr*)(_t398 + 0x58)) = 0xe50;
 *((intOrPtr*)(_t398 + 0x5c)) = 0xe5a;
 *((intOrPtr*)(_t398 + 0x60)) = 0xed0;
 *((intOrPtr*)(_t398 + 0x64)) = 0xeda;
 *((intOrPtr*)(_t398 + 0x68)) = 0xf20;
 *((intOrPtr*)(_t398 + 0x6c)) = 0xf2a;
 *((intOrPtr*)(_t398 + 0x70)) = 0x1040;
 *((intOrPtr*)(_t398 + 0x74)) = 0x104a;
 *((intOrPtr*)(_t398 + 0x78)) = 0x17e0;
 *((intOrPtr*)(_t398 + 0x7c)) = 0x17ea;
 *((intOrPtr*)(_t398 + 0x80)) = 0x1810;
 *((intOrPtr*)(_t398 + 0x84)) = 0xff1a;
if ((r14d & 0xffffffef) != 0) goto 0x8ec6f8e0;
if (_t197 - 0x30 < 0) goto 0x8ec6f82f;
if (_t197 - 0x3a >= 0) goto 0x8ec6f67e;
goto 0x8ec6f82a;
if (_t197 - 0xff10 >= 0) goto 0x8ec6f81b;
if (_t197 - r8w < 0) goto 0x8ec6f82f;
if (_t197 - 0x66a >= 0) goto 0x8ec6f6a6;
goto 0x8ec6f82a;
if (_t197 - r10w < 0) goto 0x8ec6f82f;
if (_t197 - 0x6fa >= 0) goto 0x8ec6f6c5;
goto 0x8ec6f82a;
if (_t197 - r11w < 0) goto 0x8ec6f82f;
if (_t197 - 0x970 >= 0) goto 0x8ec6f6e4;
goto 0x8ec6f82a;
if (_t197 - r9w < 0) goto 0x8ec6f82f;
if (_t197 - 0x9f0 >= 0) goto 0x8ec6f703;
goto 0x8ec6f82a;
if (_t197 - (_t197 & 0x0000ffff) - r9d < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0xd8)) >= 0) goto 0x8ec6f723;
goto 0x8ec6f82a;
if (_t197 -  *((intOrPtr*)(_t398 + 0x30)) < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0x34)) < 0) goto 0x8ec6f674;
if (_t197 -  *((intOrPtr*)(_t398 + 0x38)) < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0x3c)) < 0) goto 0x8ec6f674;
if (_t197 -  *((intOrPtr*)(_t398 + 0x40)) < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0x44)) < 0) goto 0x8ec6f674;
if (_t197 -  *((intOrPtr*)(_t398 + 0x48)) < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0x4c)) < 0) goto 0x8ec6f674;
if (_t197 -  *((intOrPtr*)(_t398 + 0x50)) < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0x54)) < 0) goto 0x8ec6f674;
if (_t197 -  *((intOrPtr*)(_t398 + 0x58)) < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0x5c)) < 0) goto 0x8ec6f674;
if (_t197 -  *((intOrPtr*)(_t398 + 0x60)) < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0x64)) < 0) goto 0x8ec6f674;
if (_t197 -  *((intOrPtr*)(_t398 + 0x68)) < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0x6c)) < 0) goto 0x8ec6f674;
if (_t197 -  *((intOrPtr*)(_t398 + 0x70)) < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0x74)) < 0) goto 0x8ec6f674;
if (_t197 -  *((intOrPtr*)(_t398 + 0x78)) < 0) goto 0x8ec6f82f;
if (_t197 -  *((intOrPtr*)(_t398 + 0x7c)) < 0) goto 0x8ec6f674;
if ((_t197 & 0x0000ffff) -  *((intOrPtr*)(_t398 + 0x80)) - 9 > 0) goto 0x8ec6f82f;
goto 0x8ec6f674;
if (_t197 -  *((intOrPtr*)(_t398 + 0x84)) >= 0) goto 0x8ec6f82f;
if ((_t197 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0x8ec6f851;
_t64 = _t382 - 0x41; // -17
_t65 = _t382 - 0x61; // -49
_t154 = _t65;
if (_t64 - 0x19 <= 0) goto 0x8ec6f846;
if (_t154 - 0x19 > 0) goto 0x8ec6f8d1;
if (_t154 - 0x19 > 0) goto 0x8ec6f84e;
_t66 = _t382 - 0x37; // -231
if (_t66 != 0) goto 0x8ec6f8d1;
_t383 =  *_t393;
r9d = 0xffdf;
_t248 =  *_t383 & 0x0000ffff;
_t67 =  &(_t383[1]); // 0xffe1
_t401 = _t67;
 *_t393 = _t401;
_t68 = _t387 - 0x58; // 0x698
if ((r9w & _t68) == 0) goto 0x8ec6f8b9;
 *_t393 = _t383;
_t158 =  !=  ? r14d : 8;
r14d =  !=  ? r14d : 8;
if (_t248 == 0) goto 0x8ec6f8b1;
if ( *_t383 == _t248) goto 0x8ec6f8b1;
E00007FF77FF78EC75E08(_t373);
 *_t373 = 0x16;
E00007FF77FF78EC7A250();
r8d = 0x660;
r10d = 0x6f0;
r11d = 0x966;
goto 0x8ec6f8e0;
r8d = 0x660;
goto 0x8ec6f8e0;
_t198 =  *_t401 & 0x0000ffff;
_t71 =  &(_t401[1]); // 0xffe3
_t374 = _t71;
 *_t393 = _t374;
r8d = 0x660;
goto 0x8ec6f8d6;
_t163 =  !=  ? r14d : 0xa;
r14d = 0xa;
_t164 = ( !=  ? r14d : 0xa) | 0xffffffff;
_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
_t250 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
r13d = 0x30;
r15d = 0xff10;
r9d = 0xa / r14d;
if (_t198 - r13w < 0) goto 0x8ec6fab0;
if (_t198 - 0x3a >= 0) goto 0x8ec6f912;
goto 0x8ec6faab;
if (_t198 - r15w >= 0) goto 0x8ec6fa9b;
if (_t198 - r8w < 0) goto 0x8ec6fab0;
if (_t198 - 0x66a >= 0) goto 0x8ec6f93b;
goto 0x8ec6faab;
if (_t198 - r10w < 0) goto 0x8ec6fab0;
if (_t198 - 0x6fa >= 0) goto 0x8ec6f95a;
goto 0x8ec6faab;
if (_t198 - r11w < 0) goto 0x8ec6fab0;
if (_t198 - 0x970 >= 0) goto 0x8ec6f979;
goto 0x8ec6faab;
if (_t198 - 0x9e6 < 0) goto 0x8ec6fab0;
_t76 =  &(_t374[5]); // 0x9f0
if (_t198 - _t76 >= 0) goto 0x8ec6f999;
goto 0x8ec6faab;
if (_t198 - 0xa66 < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0xd8)) < 0) goto 0x8ec6f98f;
if (_t198 -  *((intOrPtr*)(_t398 + 0x30)) < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0x34)) < 0) goto 0x8ec6f98f;
if (_t198 -  *((intOrPtr*)(_t398 + 0x38)) < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0x3c)) < 0) goto 0x8ec6f98f;
if (_t198 -  *((intOrPtr*)(_t398 + 0x40)) < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0x44)) < 0) goto 0x8ec6f98f;
if (_t198 -  *((intOrPtr*)(_t398 + 0x48)) < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0x4c)) < 0) goto 0x8ec6f98f;
if (_t198 -  *((intOrPtr*)(_t398 + 0x50)) < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0x54)) < 0) goto 0x8ec6f98f;
if (_t198 -  *((intOrPtr*)(_t398 + 0x58)) < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0x5c)) < 0) goto 0x8ec6f98f;
if (_t198 -  *((intOrPtr*)(_t398 + 0x60)) < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0x64)) < 0) goto 0x8ec6f98f;
if (_t198 -  *((intOrPtr*)(_t398 + 0x68)) < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0x6c)) < 0) goto 0x8ec6f98f;
if (_t198 -  *((intOrPtr*)(_t398 + 0x70)) < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0x74)) < 0) goto 0x8ec6f98f;
if (_t198 -  *((intOrPtr*)(_t398 + 0x78)) < 0) goto 0x8ec6fab0;
if (_t198 -  *((intOrPtr*)(_t398 + 0x7c)) < 0) goto 0x8ec6f98f;
if ((_t198 & 0x0000ffff) -  *((intOrPtr*)(_t398 + 0x80)) - 9 > 0) goto 0x8ec6fab0;
goto 0x8ec6faab;
if (_t198 -  *((intOrPtr*)(_t398 + 0x84)) >= 0) goto 0x8ec6fab0;
if ((_t198 & 0x0000ffff) - r15d != 0xffffffff) goto 0x8ec6fad3;
_t100 = _t383 - 0x41; // -65
_t101 = _t383 - 0x61; // -97
_t184 = _t101;
if (_t100 - 0x19 <= 0) goto 0x8ec6fac3;
if (_t184 - 0x19 > 0) goto 0x8ec6fad0;
if (_t184 - 0x19 > 0) goto 0x8ec6facb;
goto 0x8ec6fad3;
_t402 =  *_t393;
if (((_t198 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0x8ec6fb17;
_t199 =  *_t402 & 0x0000ffff;
_t252 = _t374 + _t383;
                                                                                                                                                              				_t259 = _t252;
                                                                                                                                                              				_t107 =  &(_t402[1]); // 0x12
                                                                                                                                                              				r8d = 0x660;
                                                                                                                                                              				 *_t393 = _t107;
                                                                                                                                                              				_t256 = ( !=  ? _t134 : _t134 | 0x00000002) | (r12d & 0xffffff00 | _t252 - r12d * r14d > 0x00000000 | r12d & 0xffffff00 | _t258 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
                                                                                                                                                              				goto 0x8ec6f8f7;
                                                                                                                                                              				_t412 =  *((intOrPtr*)(_t398 + 0x88));
                                                                                                                                                              				_t109 = _t402 - 2; // 0xe
                                                                                                                                                              				_t376 = _t109;
                                                                                                                                                              				_t406 =  *((intOrPtr*)(_t398 + 0xd0));
                                                                                                                                                              				 *_t393 = _t376;
                                                                                                                                                              				if (_t199 == 0) goto 0x8ec6fb48;
                                                                                                                                                              				if ( *_t376 == _t199) goto 0x8ec6fb48;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t376);
                                                                                                                                                              				 *_t376 = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				if ((dil & 0x00000008) != 0) goto 0x8ec6fb64;
                                                                                                                                                              				_t377 = _t393[1];
                                                                                                                                                              				 *_t393 = _t412;
                                                                                                                                                              				if (_t377 == 0) goto 0x8ec6fb5d;
                                                                                                                                                              				 *_t377 = _t412;
                                                                                                                                                              				goto 0x8ec6fbe8;
                                                                                                                                                              				r8d = 0x80000000;
                                                                                                                                                              				_t114 = _t402 - 1; // 0xf
                                                                                                                                                              				r9d = _t114;
                                                                                                                                                              				if ((dil & 0x00000004) != 0) goto 0x8ec6fb8c;
                                                                                                                                                              				if ((dil & 0x00000001) == 0) goto 0x8ec6fbcf;
                                                                                                                                                              				if ((dil & 0x00000002) == 0) goto 0x8ec6fb87;
                                                                                                                                                              				if (_t259 - r8d <= 0) goto 0x8ec6fbd5;
                                                                                                                                                              				goto 0x8ec6fb8c;
                                                                                                                                                              				if (_t259 - r9d <= 0) goto 0x8ec6fbd7;
                                                                                                                                                              				 *((char*)(_t406 + 0x30)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t406 + 0x2c)) = 0x22;
                                                                                                                                                              				if ((_t256 & 0x00000001) != 0) goto 0x8ec6fba7;
                                                                                                                                                              				goto 0x8ec6fbd7;
                                                                                                                                                              				_t388 = _t393[1];
                                                                                                                                                              				if ((_t256 & 0x00000002) == 0) goto 0x8ec6fbbf;
                                                                                                                                                              				if (_t388 == 0) goto 0x8ec6fbba;
                                                                                                                                                              				 *_t388 =  *_t393;
                                                                                                                                                              				goto 0x8ec6fbe8;
                                                                                                                                                              				if (_t388 == 0) goto 0x8ec6fbca;
                                                                                                                                                              				 *_t388 =  *_t393;
                                                                                                                                                              				goto 0x8ec6fbe8;
                                                                                                                                                              				if ((dil & 0x00000002) == 0) goto 0x8ec6fbd7;
                                                                                                                                                              				_t389 = _t393[1];
                                                                                                                                                              				if (_t389 == 0) goto 0x8ec6fbe6;
                                                                                                                                                              				 *_t389 =  *_t393;
                                                                                                                                                              				return  ~(_t259 | 0xffffffff);
                                                                                                                                                              			}






































                                                                                                                                                              0x7ff78ec6f874
                                                                                                                                                              0x7ff78ec6f87c
                                                                                                                                                              0x7ff78ec6f880
                                                                                                                                                              0x7ff78ec6f886
                                                                                                                                                              0x7ff78ec6f88b
                                                                                                                                                              0x7ff78ec6f88d
                                                                                                                                                              0x7ff78ec6f892
                                                                                                                                                              0x7ff78ec6f898
                                                                                                                                                              0x7ff78ec6f89d
                                                                                                                                                              0x7ff78ec6f8a3
                                                                                                                                                              0x7ff78ec6f8a9
                                                                                                                                                              0x7ff78ec6f8af
                                                                                                                                                              0x7ff78ec6f8b1
                                                                                                                                                              0x7ff78ec6f8b7
                                                                                                                                                              0x7ff78ec6f8b9
                                                                                                                                                              0x7ff78ec6f8bd
                                                                                                                                                              0x7ff78ec6f8bd
                                                                                                                                                              0x7ff78ec6f8c1
                                                                                                                                                              0x7ff78ec6f8c4
                                                                                                                                                              0x7ff78ec6f8cf
                                                                                                                                                              0x7ff78ec6f8d9
                                                                                                                                                              0x7ff78ec6f8dd
                                                                                                                                                              0x7ff78ec6f8e2
                                                                                                                                                              0x7ff78ec6f8e5
                                                                                                                                                              0x7ff78ec6f8e5
                                                                                                                                                              0x7ff78ec6f8e8
                                                                                                                                                              0x7ff78ec6f8ee
                                                                                                                                                              0x7ff78ec6f8f4
                                                                                                                                                              0x7ff78ec6f8fb
                                                                                                                                                              0x7ff78ec6f905
                                                                                                                                                              0x7ff78ec6f90d
                                                                                                                                                              0x7ff78ec6f916
                                                                                                                                                              0x7ff78ec6f920
                                                                                                                                                              0x7ff78ec6f92e
                                                                                                                                                              0x7ff78ec6f936
                                                                                                                                                              0x7ff78ec6f93f
                                                                                                                                                              0x7ff78ec6f94d
                                                                                                                                                              0x7ff78ec6f955
                                                                                                                                                              0x7ff78ec6f95e
                                                                                                                                                              0x7ff78ec6f96c
                                                                                                                                                              0x7ff78ec6f974
                                                                                                                                                              0x7ff78ec6f981
                                                                                                                                                              0x7ff78ec6f987
                                                                                                                                                              0x7ff78ec6f98d
                                                                                                                                                              0x7ff78ec6f994
                                                                                                                                                              0x7ff78ec6f9a1
                                                                                                                                                              0x7ff78ec6f9af
                                                                                                                                                              0x7ff78ec6f9b8
                                                                                                                                                              0x7ff78ec6f9c3
                                                                                                                                                              0x7ff78ec6f9cc
                                                                                                                                                              0x7ff78ec6f9d7
                                                                                                                                                              0x7ff78ec6f9e0
                                                                                                                                                              0x7ff78ec6f9eb
                                                                                                                                                              0x7ff78ec6f9f4
                                                                                                                                                              0x7ff78ec6f9ff
                                                                                                                                                              0x7ff78ec6fa08
                                                                                                                                                              0x7ff78ec6fa13
                                                                                                                                                              0x7ff78ec6fa20
                                                                                                                                                              0x7ff78ec6fa2b
                                                                                                                                                              0x7ff78ec6fa38
                                                                                                                                                              0x7ff78ec6fa3f
                                                                                                                                                              0x7ff78ec6fa4c
                                                                                                                                                              0x7ff78ec6fa53
                                                                                                                                                              0x7ff78ec6fa60
                                                                                                                                                              0x7ff78ec6fa67
                                                                                                                                                              0x7ff78ec6fa74
                                                                                                                                                              0x7ff78ec6fa7b
                                                                                                                                                              0x7ff78ec6fa92
                                                                                                                                                              0x7ff78ec6fa99
                                                                                                                                                              0x7ff78ec6faa3
                                                                                                                                                              0x7ff78ec6faae
                                                                                                                                                              0x7ff78ec6fab3
                                                                                                                                                              0x7ff78ec6fab9
                                                                                                                                                              0x7ff78ec6fab9
                                                                                                                                                              0x7ff78ec6fabc
                                                                                                                                                              0x7ff78ec6fac1
                                                                                                                                                              0x7ff78ec6fac6
                                                                                                                                                              0x7ff78ec6face
                                                                                                                                                              0x7ff78ec6fad3
                                                                                                                                                              0x7ff78ec6fad9
                                                                                                                                                              0x7ff78ec6fadb
                                                                                                                                                              0x7ff78ec6fae5
                                                                                                                                                              0x7ff78ec6faf6
                                                                                                                                                              0x7ff78ec6fafd
                                                                                                                                                              0x7ff78ec6fb04
                                                                                                                                                              0x7ff78ec6fb0d
                                                                                                                                                              0x7ff78ec6fb10
                                                                                                                                                              0x7ff78ec6fb12
                                                                                                                                                              0x7ff78ec6fb17
                                                                                                                                                              0x7ff78ec6fb1f
                                                                                                                                                              0x7ff78ec6fb1f
                                                                                                                                                              0x7ff78ec6fb23
                                                                                                                                                              0x7ff78ec6fb2b
                                                                                                                                                              0x7ff78ec6fb31
                                                                                                                                                              0x7ff78ec6fb36
                                                                                                                                                              0x7ff78ec6fb38
                                                                                                                                                              0x7ff78ec6fb3d
                                                                                                                                                              0x7ff78ec6fb43
                                                                                                                                                              0x7ff78ec6fb4c
                                                                                                                                                              0x7ff78ec6fb4e
                                                                                                                                                              0x7ff78ec6fb52
                                                                                                                                                              0x7ff78ec6fb58
                                                                                                                                                              0x7ff78ec6fb5a
                                                                                                                                                              0x7ff78ec6fb5f
                                                                                                                                                              0x7ff78ec6fb64
                                                                                                                                                              0x7ff78ec6fb6a
                                                                                                                                                              0x7ff78ec6fb6a
                                                                                                                                                              0x7ff78ec6fb72
                                                                                                                                                              0x7ff78ec6fb78
                                                                                                                                                              0x7ff78ec6fb7e
                                                                                                                                                              0x7ff78ec6fb83
                                                                                                                                                              0x7ff78ec6fb85
                                                                                                                                                              0x7ff78ec6fb8a
                                                                                                                                                              0x7ff78ec6fb8e
                                                                                                                                                              0x7ff78ec6fb96
                                                                                                                                                              0x7ff78ec6fba0
                                                                                                                                                              0x7ff78ec6fba5
                                                                                                                                                              0x7ff78ec6fba7
                                                                                                                                                              0x7ff78ec6fbad
                                                                                                                                                              0x7ff78ec6fbb2
                                                                                                                                                              0x7ff78ec6fbb7
                                                                                                                                                              0x7ff78ec6fbbd
                                                                                                                                                              0x7ff78ec6fbc2
                                                                                                                                                              0x7ff78ec6fbc7
                                                                                                                                                              0x7ff78ec6fbcd
                                                                                                                                                              0x7ff78ec6fbd3
                                                                                                                                                              0x7ff78ec6fbd7
                                                                                                                                                              0x7ff78ec6fbde
                                                                                                                                                              0x7ff78ec6fbe3
                                                                                                                                                              0x7ff78ec6fc02

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: f$p$p
                                                                                                                                                              • API String ID: 3215553584-1995029353
                                                                                                                                                              • Opcode ID: 5260fc6e70538eab79462ef4c698ef4c5cb929645a3d65cb86eb2fac62676952
                                                                                                                                                              • Instruction ID: bc06974e57bc001aefa227bc8e05fbfec246c923794247799814a7b4ebfd32e5
                                                                                                                                                              • Opcode Fuzzy Hash: 5260fc6e70538eab79462ef4c698ef4c5cb929645a3d65cb86eb2fac62676952
                                                                                                                                                              • Instruction Fuzzy Hash: F812A322E0C2C386FB207E94E05467BF692FB95754FE84139D68A466E5DF3CE580CB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PyType_GetModuleState.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC608783CF
                                                                                                                                                              • PyBytes_FromStringAndSize.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC608783E3
                                                                                                                                                              • PyList_New.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC608783F9
                                                                                                                                                              • PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC60878447
                                                                                                                                                              • PyEval_RestoreThread.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC60878461
                                                                                                                                                              • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC60884659
                                                                                                                                                              • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFC60878E8E,?,?,?,00007FFC60878366), ref: 00007FFC608846A3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DeallocEval_Thread$Bytes_FromList_ModuleRestoreSaveSizeStateStringType_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2831925710-0
                                                                                                                                                              • Opcode ID: b1fdb4deff39498119a2c0a51fe69925aea789a19fa29ad25d25e172fda87085
                                                                                                                                                              • Instruction ID: 547be61853742c0195e0c42dbe3016c2733526b9e6552c5aa3e6850ba11c9bdd
                                                                                                                                                              • Opcode Fuzzy Hash: b1fdb4deff39498119a2c0a51fe69925aea789a19fa29ad25d25e172fda87085
                                                                                                                                                              • Instruction Fuzzy Hash: 5E41A023A8CB2AC6EA64CB11A54403D63A4FB9DB60F160235DE6D23794EF7CE458C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                              • API String ID: 626452242-876015163
                                                                                                                                                              • Opcode ID: 4fdaa5e5ad00a15d4a8cc00fe9b2d566c487ae9da2689d0c339a7e1bc9427a59
                                                                                                                                                              • Instruction ID: 276f834bcc7b881b349e1ac682a4ac2d2b29dde24a6445dcf4adaf296101b112
                                                                                                                                                              • Opcode Fuzzy Hash: 4fdaa5e5ad00a15d4a8cc00fe9b2d566c487ae9da2689d0c339a7e1bc9427a59
                                                                                                                                                              • Instruction Fuzzy Hash: B441C372E08A4282EA10EB55E84057AE7A5FB44790FB44139DEAD47BA4DF3CE452C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                              			E00007FF77FF78EC655A0(void* __ecx, long long __rbx, void* __rcx, void* __rbp, void* __r8, char _a24, char _a8216, void* _a8224, signed int _a16408, void* _a16416, long long _a16448, void* _a16456) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* _t14;
                                                                                                                                                              				void* _t15;
                                                                                                                                                              				long _t18;
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				int _t29;
                                                                                                                                                              				void* _t42;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				void* _t44;
                                                                                                                                                              				void* _t52;
                                                                                                                                                              				void* _t53;
                                                                                                                                                              				signed long long _t54;
                                                                                                                                                              				signed long long _t55;
                                                                                                                                                              				long long _t57;
                                                                                                                                                              				signed long long _t81;
                                                                                                                                                              				void* _t83;
                                                                                                                                                              				void* _t85;
                                                                                                                                                              				void* _t93;
                                                                                                                                                              				void* _t94;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              
                                                                                                                                                              				_t88 = __r8;
                                                                                                                                                              				_t57 = __rbx;
                                                                                                                                                              				_t14 = E00007FF77FF78EC6A070(0x4030, _t53, _t94, _t95);
                                                                                                                                                              				_t54 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t55 = _t54 ^ _t85 - _t53;
                                                                                                                                                              				_a16408 = _t55;
                                                                                                                                                              				_t76 = __rcx;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_t15 = E00007FF77FF78EC66D10(_t14, __rbx, __rcx, __rcx, _t83, __r8);
                                                                                                                                                              				if (_t55 != 0) goto 0x8ec655e9;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t15, 0, _t52, _t55, "LOADER: Failed to convert runtime-tmpdir to a wide string.\n", _t76, _t88, _t93);
                                                                                                                                                              				goto 0x8ec656f8;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				_a16448 = _t57;
                                                                                                                                                              				_t18 = ExpandEnvironmentStringsW(??, ??, ??);
                                                                                                                                                              				_t19 = E00007FF77FF78EC73ED8(_t18, _t55,  &_a24, _t88);
                                                                                                                                                              				if (_t18 != 0) goto 0x8ec65626;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t19, 0, _t52, _t55, "LOADER: Failed to expand environment variables in the runtime-tmpdir.\n",  &_a24, _t88, _t93);
                                                                                                                                                              				goto 0x8ec656f0;
                                                                                                                                                              				if (E00007FF77FF78EC668C0(0, _t57,  &_a24) == 0) goto 0x8ec65640;
                                                                                                                                                              				E00007FF77FF78EC75E28(_t43, _t55, _t57,  &_a24, _t83, __rbp);
                                                                                                                                                              				goto 0x8ec65652;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				_t24 = E00007FF77FF78EC75158(_t18, 0, _t55, _t57,  &_a24,  &_a24, _t55, _t83, _t88);
                                                                                                                                                              				if (_t55 != 0) goto 0x8ec6566d;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t24, 0, _t52, _t55, "LOADER: Failed to obtain the absolute path of the runtime-tmpdir.\n",  &_a24, _t88, _t93);
                                                                                                                                                              				goto 0x8ec656f0;
                                                                                                                                                              				r8d = 0x2000;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				_t27 = E00007FF77FF78EC6B624(0, 0x5c, _t55,  &_a24, _t93);
                                                                                                                                                              				_t81 = _t55;
                                                                                                                                                              				if (_t55 == 0) goto 0x8ec656e2;
                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                              				E00007FF77FF78EC75EAC(_t27, 0, _t42, _t44,  &_a8216, _t55, _t81, (_t81 - _t55 >> 1) + 1);
                                                                                                                                                              				_t29 = CreateDirectoryW(??, ??);
                                                                                                                                                              				_t10 = _t81 + 2; // 0x2
                                                                                                                                                              				E00007FF77FF78EC6B624(_t29, 0x5c, _t10, _t55, _t93);
                                                                                                                                                              				if (_t55 != 0) goto 0x8ec656a0;
                                                                                                                                                              				return E00007FF77FF78EC6A040(CreateDirectoryW(??, ??), 0, _a16408 ^ _t85 - _t53);
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF78EC66D10: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC66D4A
                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF78EC658EF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF78EC655FF
                                                                                                                                                              Strings
                                                                                                                                                              • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF78EC6565A
                                                                                                                                                              • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF78EC65613
                                                                                                                                                              • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF78EC655D6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                                              • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                              • API String ID: 2001182103-3498232454
                                                                                                                                                              • Opcode ID: 290657b37774a0ce3ad561e5240a952b336b6161949af5c28b35d9710340c8eb
                                                                                                                                                              • Instruction ID: 8d65179925b6e5c01b63d204e12892167fc7b4155011282b78634f861e38e156
                                                                                                                                                              • Opcode Fuzzy Hash: 290657b37774a0ce3ad561e5240a952b336b6161949af5c28b35d9710340c8eb
                                                                                                                                                              • Instruction Fuzzy Hash: 57315011F1D78250FA64BBA5E9552BB9291BF987C0FF44439DA4E427A6EF3CE104C620
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 54%
                                                                                                                                                              			E00007FF77FF78EC6C178(long long __rbx, void* __rcx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                              				intOrPtr _t65;
                                                                                                                                                              				intOrPtr _t67;
                                                                                                                                                              				intOrPtr _t68;
                                                                                                                                                              				struct HINSTANCE__* _t82;
                                                                                                                                                              				long long _t86;
                                                                                                                                                              				void* _t90;
                                                                                                                                                              				struct HINSTANCE__* _t95;
                                                                                                                                                              				long _t98;
                                                                                                                                                              				void* _t101;
                                                                                                                                                              				signed long long _t102;
                                                                                                                                                              				WCHAR* _t105;
                                                                                                                                                              
                                                                                                                                                              				 *((long long*)(_t90 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t90 + 0x10)) = _t86;
                                                                                                                                                              				 *((long long*)(_t90 + 0x18)) = __rsi;
                                                                                                                                                              				_t102 = _t101 | 0xffffffff;
                                                                                                                                                              				_t61 =  *((intOrPtr*)(0x7ff78ec60000 + 0x4c710 + _t82 * 8));
                                                                                                                                                              				if (_t61 == _t102) goto 0x8ec6c2a7;
                                                                                                                                                              				if (_t61 != 0) goto 0x8ec6c2a9;
                                                                                                                                                              				if (__r8 == __r9) goto 0x8ec6c29f;
                                                                                                                                                              				_t67 =  *((intOrPtr*)(0x7ff78ec60000 + 0x4c6f8 + __rsi * 8));
                                                                                                                                                              				if (_t67 == 0) goto 0x8ec6c1ea;
                                                                                                                                                              				if (_t67 != _t102) goto 0x8ec6c281;
                                                                                                                                                              				goto 0x8ec6c255;
                                                                                                                                                              				r8d = 0x800;
                                                                                                                                                              				LoadLibraryExW(_t105, _t101, _t98);
                                                                                                                                                              				_t68 = _t61;
                                                                                                                                                              				if (_t61 != 0) goto 0x8ec6c261;
                                                                                                                                                              				if (GetLastError() != 0x57) goto 0x8ec6c243;
                                                                                                                                                              				_t14 = _t68 + 7; // 0x7
                                                                                                                                                              				r8d = _t14;
                                                                                                                                                              				if (E00007FF77FF78EC79E9C(_t37, __r8) == 0) goto 0x8ec6c243;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				LoadLibraryExW(??, ??, ??);
                                                                                                                                                              				if (_t61 != 0) goto 0x8ec6c261;
                                                                                                                                                              				 *((intOrPtr*)(0x7ff78ec60000 + 0x4c6f8 + __rsi * 8)) = _t102;
                                                                                                                                                              				goto 0x8ec6c1c8;
                                                                                                                                                              				_t21 = 0x7ff78ec60000 + 0x4c6f8 + __rsi * 8;
                                                                                                                                                              				_t65 =  *_t21;
                                                                                                                                                              				 *_t21 = _t61;
                                                                                                                                                              				if (_t65 == 0) goto 0x8ec6c281;
                                                                                                                                                              				FreeLibrary(_t95);
                                                                                                                                                              				GetProcAddress(_t82);
                                                                                                                                                              				if (_t65 == 0) goto 0x8ec6c29f;
                                                                                                                                                              				 *((intOrPtr*)(0x7ff78ec60000 + 0x4c710 + _t82 * 8)) = _t65;
                                                                                                                                                              				goto 0x8ec6c2a9;
                                                                                                                                                              				 *((intOrPtr*)(0x7ff78ec60000 + 0x4c710 + _t82 * 8)) = _t102;
                                                                                                                                                              				return 0;
                                                                                                                                                              			}
















                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF78EC6C42A,?,?,?,00007FF78EC6C11C,?,?,00000001,00007FF78EC6BD39), ref: 00007FF78EC6C1FD
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF78EC6C42A,?,?,?,00007FF78EC6C11C,?,?,00000001,00007FF78EC6BD39), ref: 00007FF78EC6C20B
                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF78EC6C42A,?,?,?,00007FF78EC6C11C,?,?,00000001,00007FF78EC6BD39), ref: 00007FF78EC6C235
                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF78EC6C42A,?,?,?,00007FF78EC6C11C,?,?,00000001,00007FF78EC6BD39), ref: 00007FF78EC6C27B
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF78EC6C42A,?,?,?,00007FF78EC6C11C,?,?,00000001,00007FF78EC6BD39), ref: 00007FF78EC6C287
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                              • Opcode ID: c7b5a127782adb6287aa8122f4b1c4e7f8537a2c8b18c9206494bb7e0b67d0f4
                                                                                                                                                              • Instruction ID: 89bf8b8b0932952814dc48a702ffbc4e220c2c1dbe60ff0a22f7403264b55d7a
                                                                                                                                                              • Opcode Fuzzy Hash: c7b5a127782adb6287aa8122f4b1c4e7f8537a2c8b18c9206494bb7e0b67d0f4
                                                                                                                                                              • Instruction Fuzzy Hash: DB319421F1A65291FE51BBC6EC00976A394BF49BA0FAA4539DD2D573A0EF3CE444C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC66D4A
                                                                                                                                                                • Part of subcall function 00007FF78EC61CB0: GetLastError.KERNEL32(?,?,00000000,00007FF78EC66864,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC61CD7
                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF78EC66DD0
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                              • API String ID: 1717984340-876015163
                                                                                                                                                              • Opcode ID: 4f0c6bc7b11372aed5319b08498c5081c00d6ff21e3e848fa80df47cf50eae0a
                                                                                                                                                              • Instruction ID: e3c27138701fc728d30852258ea9ba52cfee6a4810ed45d320b9e82a424ef96a
                                                                                                                                                              • Opcode Fuzzy Hash: 4f0c6bc7b11372aed5319b08498c5081c00d6ff21e3e848fa80df47cf50eae0a
                                                                                                                                                              • Instruction Fuzzy Hash: 0E21A821F08A5292EB50EB59F9000AAE761FF847C4FA84136DB5D93B69EF3CE551C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AABF
                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AAD4
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AAF5
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AB22
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AB33
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AB44
                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F,?,?,?,00007FF78EC797C4), ref: 00007FF78EC7AB5F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                              • Opcode ID: d5d3ee4805e6e516b8664a4c74483aa8e1e84998336b35c50ceef389c962a333
                                                                                                                                                              • Instruction ID: 9b1faab244e59d5c2c111ec9a8b39415300cbccd7550c144f828900aa5f32f2e
                                                                                                                                                              • Opcode Fuzzy Hash: d5d3ee4805e6e516b8664a4c74483aa8e1e84998336b35c50ceef389c962a333
                                                                                                                                                              • Instruction Fuzzy Hash: 3F214521E0D20646FA98BBA9DA45079E6427F457F0FB48739E93E066D6EF3CE441C220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                              • Opcode ID: 25a38ad91bb89dfa904c6f75e80a85761cd8d9635167a062241b29f482f95994
                                                                                                                                                              • Instruction ID: 93c6418fde1c11b4153b7e0e8c36b09e1f16d95bb72b66bc04581d9aa9530d00
                                                                                                                                                              • Opcode Fuzzy Hash: 25a38ad91bb89dfa904c6f75e80a85761cd8d9635167a062241b29f482f95994
                                                                                                                                                              • Instruction Fuzzy Hash: 4F119021F18B5186E750AB92E954329E6A0FB98BE4FA40234EE2D87794EF3CD404C750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                                                                                                              • String ID: Invalid filter specifier for delta filter$|OO&
                                                                                                                                                              • API String ID: 3027669873-2010576982
                                                                                                                                                              • Opcode ID: 8c1d3f5d759d768c4c52f9b05bed89fb86b0302da59a321fe814cf6374ceaa4c
                                                                                                                                                              • Instruction ID: 406cd367cc11a4eed1150ff569dde55ff1320dca205643d2860d97cba04fc165
                                                                                                                                                              • Opcode Fuzzy Hash: 8c1d3f5d759d768c4c52f9b05bed89fb86b0302da59a321fe814cf6374ceaa4c
                                                                                                                                                              • Instruction Fuzzy Hash: 1A11F735B8DB6AD6EB00CB20E85856833B4FB48B55F524031C51D62360EF7DE98EC760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                                                                                                              • String ID: Invalid filter specifier for BCJ filter$|OO&
                                                                                                                                                              • API String ID: 3027669873-3728029529
                                                                                                                                                              • Opcode ID: cecad1496d7d895bfff6ff4c78f13344ddbc9caf70fedaee8819f3a8807dc3ff
                                                                                                                                                              • Instruction ID: 444fdb1aaa07bd80dbad031a1370b38db308a06b14ac3dc0f4ebf5234c7f5e53
                                                                                                                                                              • Opcode Fuzzy Hash: cecad1496d7d895bfff6ff4c78f13344ddbc9caf70fedaee8819f3a8807dc3ff
                                                                                                                                                              • Instruction Fuzzy Hash: 4E010535B8DB6AD5EB11CB25D88856833B4BF48B50F520031C61E62760DF3DE88DC760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7AC37
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7AC6D
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7AC9A
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7ACAB
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7ACBC
                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF78EC75E11,?,?,?,?,00007FF78EC7E2AF,?,?,00000000,00007FF78EC7AD46,?,?,?), ref: 00007FF78EC7ACD7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                              • Opcode ID: 9ce244104fd61bd76ba3c125a297ab6c40e0e8027d293c035a1b290d52cbf2d6
                                                                                                                                                              • Instruction ID: 9d8041dbb47259e2487608235dc44c5787888628b9d2aa134143763d72bcf258
                                                                                                                                                              • Opcode Fuzzy Hash: 9ce244104fd61bd76ba3c125a297ab6c40e0e8027d293c035a1b290d52cbf2d6
                                                                                                                                                              • Instruction Fuzzy Hash: 57115821E0C60646FA58BBA9DA4107DE2427F457B0FB48738E92E067D6EF3DE401C220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E00007FF77FF78EC6D6F4(void* __ebx, void* __ecx, void* __edx, void* __esi, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* _a16, void* _a24, void* _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				long long _v40;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				signed int* _v56;
                                                                                                                                                              				intOrPtr _t58;
                                                                                                                                                              				void* _t81;
                                                                                                                                                              				signed int _t103;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              				intOrPtr _t113;
                                                                                                                                                              				signed int* _t117;
                                                                                                                                                              				intOrPtr* _t138;
                                                                                                                                                              				void* _t141;
                                                                                                                                                              				void* _t144;
                                                                                                                                                              				void* _t146;
                                                                                                                                                              				void* _t160;
                                                                                                                                                              				void* _t161;
                                                                                                                                                              
                                                                                                                                                              				_t111 = _t146;
                                                                                                                                                              				 *((long long*)(_t111 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t111 + 0x10)) = __rbp;
                                                                                                                                                              				 *((long long*)(_t111 + 0x18)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t111 + 0x20)) = __rdi;
                                                                                                                                                              				_t138 = __rcx;
                                                                                                                                                              				_t141 = __r9;
                                                                                                                                                              				_t161 = __r8;
                                                                                                                                                              				_t144 = __rdx;
                                                                                                                                                              				E00007FF77FF78EC6BF54(__r8);
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t111);
                                                                                                                                                              				_t117 = _a40;
                                                                                                                                                              				if ( *((intOrPtr*)(_t111 + 0x40)) != 0) goto 0x8ec6d776;
                                                                                                                                                              				if ( *_t138 == 0xe06d7363) goto 0x8ec6d776;
                                                                                                                                                              				if ( *_t138 != 0x80000029) goto 0x8ec6d75a;
                                                                                                                                                              				if ( *((intOrPtr*)(_t138 + 0x18)) != 0xf) goto 0x8ec6d75e;
                                                                                                                                                              				if ( *((long long*)(_t138 + 0x60)) == 0x19930520) goto 0x8ec6d776;
                                                                                                                                                              				if ( *_t138 == 0x80000026) goto 0x8ec6d776;
                                                                                                                                                              				if (( *_t117 & 0x1fffffff) - 0x19930522 < 0) goto 0x8ec6d776;
                                                                                                                                                              				if ((_t117[9] & 0x00000001) != 0) goto 0x8ec6d905;
                                                                                                                                                              				if (( *(_t138 + 4) & 0x00000066) == 0) goto 0x8ec6d80e;
                                                                                                                                                              				if (_t117[1] == 0) goto 0x8ec6d905;
                                                                                                                                                              				if (_a48 != 0) goto 0x8ec6d905;
                                                                                                                                                              				if (( *(_t138 + 4) & 0x00000020) == 0) goto 0x8ec6d7fb;
                                                                                                                                                              				if ( *_t138 != 0x80000026) goto 0x8ec6d7d9;
                                                                                                                                                              				_t58 = E00007FF77FF78EC6CAC4(_t117, __r9,  *((intOrPtr*)(__r9 + 0x20)), __r9);
                                                                                                                                                              				if (_t58 - 0xffffffff < 0) goto 0x8ec6d925;
                                                                                                                                                              				if (_t58 - _t117[1] >= 0) goto 0x8ec6d925;
                                                                                                                                                              				r9d = _t58;
                                                                                                                                                              				E00007FF77FF78EC6DC94(_t81, _t111, _t144, __r9, _t117);
                                                                                                                                                              				goto 0x8ec6d905;
                                                                                                                                                              				if ( *_t138 != 0x80000029) goto 0x8ec6d7fb;
                                                                                                                                                              				r9d =  *((intOrPtr*)(_t138 + 0x38));
                                                                                                                                                              				if (r9d - 0xffffffff < 0) goto 0x8ec6d925;
                                                                                                                                                              				if (r9d - _t117[1] >= 0) goto 0x8ec6d925;
                                                                                                                                                              				goto 0x8ec6d7c9;
                                                                                                                                                              				E00007FF77FF78EC6C53C(r9d - _t117[1], _t111, _t117, __r9, __r9, _t117);
                                                                                                                                                              				goto 0x8ec6d905;
                                                                                                                                                              				if (_t117[3] != 0) goto 0x8ec6d856;
                                                                                                                                                              				if (( *_t117 & 0x1fffffff) - 0x19930521 < 0) goto 0x8ec6d836;
                                                                                                                                                              				_t103 = _t117[8];
                                                                                                                                                              				if (_t103 == 0) goto 0x8ec6d836;
                                                                                                                                                              				E00007FF77FF78EC6C940(_t111);
                                                                                                                                                              				if (_t103 != 0) goto 0x8ec6d856;
                                                                                                                                                              				if (( *_t117 & 0x1fffffff) - 0x19930522 < 0) goto 0x8ec6d905;
                                                                                                                                                              				if ((_t117[9] >> 0x00000002 & 0x00000001) == 0) goto 0x8ec6d905;
                                                                                                                                                              				if ( *_t138 != 0xe06d7363) goto 0x8ec6d8cc;
                                                                                                                                                              				if ( *((intOrPtr*)(_t138 + 0x18)) - 3 < 0) goto 0x8ec6d8cc;
                                                                                                                                                              				if ( *((intOrPtr*)(_t138 + 0x20)) - 0x19930522 <= 0) goto 0x8ec6d8cc;
                                                                                                                                                              				_t113 =  *((intOrPtr*)(_t138 + 0x30));
                                                                                                                                                              				if ( *((intOrPtr*)(_t113 + 8)) == 0) goto 0x8ec6d8cc;
                                                                                                                                                              				E00007FF77FF78EC6C954(_t113);
                                                                                                                                                              				if (_t113 +  *((intOrPtr*)( *((intOrPtr*)(_t138 + 0x30)) + 8)) == 0) goto 0x8ec6d8cc;
                                                                                                                                                              				_v32 = _a64 & 0x000000ff;
                                                                                                                                                              				_v40 = _a56;
                                                                                                                                                              				_v48 = _a48;
                                                                                                                                                              				_v56 = _t117;
                                                                                                                                                              				 *0x8ec8a360(_t160);
                                                                                                                                                              				goto 0x8ec6d90a;
                                                                                                                                                              				_v32 = _a56;
                                                                                                                                                              				_v40 = _a48;
                                                                                                                                                              				_v48 = _a64;
                                                                                                                                                              				_v56 = _t117;
                                                                                                                                                              				E00007FF77FF78EC6CEC0(__ebx, _a64 & 0x000000ff, 0x80000026, __esi, _t138, _t144, _t161, _t141, _t113 +  *((intOrPtr*)( *((intOrPtr*)(_t138 + 0x30)) + 8)));
                                                                                                                                                              				return 1;
                                                                                                                                                              			}




















                                                                                                                                                              Memory Dump Source
• Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                              • API String ID: 851805269-3733052814
                                                                                                                                                              • Opcode ID: 950ae6828b2f61cd077b98b3d11d61ed14320742099c75916b852c21ec08a04d
                                                                                                                                                              • Instruction ID: d7142d381f0b1f59a4b0e3e8f8763d7679beac808f223812fdbd7e82053567a8
                                                                                                                                                              • Opcode Fuzzy Hash: 950ae6828b2f61cd077b98b3d11d61ed14320742099c75916b852c21ec08a04d
                                                                                                                                                              • Instruction Fuzzy Hash: 7461C232D0C34286EB60BF95E44427ABBA0FB55B84FA48139DA9D47BA9CF3CE450C751
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 27%
                                                                                                                                                              			E00007FF77FF78EC6BB38(void* __edx, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rsi, long long __r8, intOrPtr* __r9, void* __r11) {
                                                                                                                                                              				void* _t81;
                                                                                                                                                              				void* _t82;
                                                                                                                                                              				intOrPtr _t100;
                                                                                                                                                              				intOrPtr _t102;
                                                                                                                                                              				void* _t112;
                                                                                                                                                              				void* _t117;
                                                                                                                                                              				void* _t129;
                                                                                                                                                              				long long _t132;
                                                                                                                                                              				intOrPtr* _t134;
                                                                                                                                                              				signed long long _t143;
                                                                                                                                                              				void* _t149;
                                                                                                                                                              				signed long long _t153;
                                                                                                                                                              				void* _t155;
                                                                                                                                                              				long long _t157;
                                                                                                                                                              				intOrPtr* _t158;
                                                                                                                                                              				void* _t160;
                                                                                                                                                              				void* _t161;
                                                                                                                                                              				signed long long _t165;
                                                                                                                                                              				void* _t170;
                                                                                                                                                              				intOrPtr _t171;
                                                                                                                                                              				void* _t173;
                                                                                                                                                              				void* _t174;
                                                                                                                                                              				void* _t176;
                                                                                                                                                              				void* _t178;
                                                                                                                                                              				void* _t180;
                                                                                                                                                              				intOrPtr* _t181;
                                                                                                                                                              
                                                                                                                                                              				 *((long long*)(_t160 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t160 + 0x10)) = _t157;
                                                                                                                                                              				 *((long long*)(_t160 + 0x18)) = __rsi;
                                                                                                                                                              				_t161 = _t160 - 0x40;
                                                                                                                                                              				_t158 = __rcx;
                                                                                                                                                              				_t181 = __r9;
                                                                                                                                                              				_t174 = __rdx;
                                                                                                                                                              				E00007FF77FF78EC6BF54(__r8);
                                                                                                                                                              				_t171 =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                              				_t134 =  *((intOrPtr*)(__r9 + 0x38));
                                                                                                                                                              				_t178 =  *__r9 - _t171;
                                                                                                                                                              				_t102 =  *((intOrPtr*)(__r9 + 0x48));
                                                                                                                                                              				if (( *(_t158 + 4) & 0x00000066) != 0) goto 0x8ec6bc60;
                                                                                                                                                              				 *((long long*)(_t161 + 0x30)) = _t158;
                                                                                                                                                              				 *((long long*)(_t161 + 0x38)) = __r8;
                                                                                                                                                              				if (_t102 -  *_t134 >= 0) goto 0x8ec6bd0c;
                                                                                                                                                              				_t153 = __r8 + __r8;
                                                                                                                                                              				if (_t178 - _t129 < 0) goto 0x8ec6bc52;
                                                                                                                                                              				if (_t178 - _t129 >= 0) goto 0x8ec6bc52;
                                                                                                                                                              				if ( *((intOrPtr*)(_t134 + 0x10 + _t153 * 8)) == 0) goto 0x8ec6bc52;
                                                                                                                                                              				if ( *((intOrPtr*)(_t134 + 0xc + _t153 * 8)) == 1) goto 0x8ec6bbde;
                                                                                                                                                              				_t112 =  *((long long*)(_t129 + _t171))(_t180, _t176, _t173, _t170, _t149);
                                                                                                                                                              				if (_t112 < 0) goto 0x8ec6bc59;
                                                                                                                                                              				if (_t112 <= 0) goto 0x8ec6bc52;
                                                                                                                                                              				if ( *_t158 != 0xe06d7363) goto 0x8ec6bc0f;
                                                                                                                                                              				if ( *0x8ec903f0 == 0) goto 0x8ec6bc0f;
                                                                                                                                                              				if (E00007FF77FF78EC88F70(_t129 + _t171, _t134, 0x8ec903f0) == 0) goto 0x8ec6bc0f;
                                                                                                                                                              				_t81 =  *0x8ec903f0();
                                                                                                                                                              				r8d = 1;
                                                                                                                                                              				_t82 = E00007FF77FF78EC6BF20(_t81, _t158 + _t171, _t174);
                                                                                                                                                              				_t100 =  *((intOrPtr*)(_t134 + 0x10 + _t153 * 8));
                                                                                                                                                              				r9d =  *_t158;
                                                                                                                                                              				 *((long long*)(_t161 + 0x28)) =  *((intOrPtr*)(_t181 + 0x40));
                                                                                                                                                              				_t132 =  *((intOrPtr*)(_t181 + 0x28));
                                                                                                                                                              				 *((long long*)(_t161 + 0x20)) = _t132;
                                                                                                                                                              				__imp__RtlUnwindEx();
                                                                                                                                                              				E00007FF77FF78EC6BF50(_t82);
                                                                                                                                                              				goto 0x8ec6bb8e;
                                                                                                                                                              				goto 0x8ec6bd11;
                                                                                                                                                              				_t155 =  *((intOrPtr*)(_t181 + 0x20)) - _t171;
                                                                                                                                                              				goto 0x8ec6bd02;
                                                                                                                                                              				_t143 = _t174 + _t174;
                                                                                                                                                              				if (_t178 - _t132 < 0) goto 0x8ec6bd00;
                                                                                                                                                              				_t117 = _t178 - _t132;
                                                                                                                                                              				if (_t117 >= 0) goto 0x8ec6bd00;
                                                                                                                                                              				r10d =  *(_t158 + 4);
                                                                                                                                                              				r10d = r10d & 0x00000020;
                                                                                                                                                              				if (_t117 == 0) goto 0x8ec6bcd5;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				if (_t100 == 0) goto 0x8ec6bcd0;
                                                                                                                                                              				r8d = r9d;
                                                                                                                                                              				_t165 = _t158 + _t158;
                                                                                                                                                              				if (_t155 - _t132 < 0) goto 0x8ec6bcc8;
                                                                                                                                                              				if (_t155 - _t132 >= 0) goto 0x8ec6bcc8;
                                                                                                                                                              				if ( *((intOrPtr*)(_t134 + 0x10 + _t165 * 8)) !=  *((intOrPtr*)(_t134 + 0x10 + _t143 * 8))) goto 0x8ec6bcc8;
                                                                                                                                                              				if ( *((intOrPtr*)(_t134 + 0xc + _t165 * 8)) ==  *((intOrPtr*)(_t134 + 0xc + _t143 * 8))) goto 0x8ec6bcd0;
                                                                                                                                                              				r9d = r9d + 1;
                                                                                                                                                              				if (r9d - _t100 < 0) goto 0x8ec6bc98;
                                                                                                                                                              				if (r9d != _t100) goto 0x8ec6bd0c;
                                                                                                                                                              				if ( *((intOrPtr*)(_t134 + 0x10 + _t143 * 8)) == 0) goto 0x8ec6bce9;
                                                                                                                                                              				if (_t155 != _t132) goto 0x8ec6bd00;
                                                                                                                                                              				if (r10d != 0) goto 0x8ec6bd0c;
                                                                                                                                                              				goto 0x8ec6bd00;
                                                                                                                                                              				 *((intOrPtr*)(_t181 + 0x48)) = _t149 + 1;
                                                                                                                                                              				r8d =  *((intOrPtr*)(_t134 + 0xc + _t143 * 8));
                                                                                                                                                              				 *((long long*)(_t165 + _t171))();
                                                                                                                                                              				if (_t102 + 2 -  *_t134 < 0) goto 0x8ec6bc6c;
                                                                                                                                                              				return 1;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                              • String ID: csm$f
                                                                                                                                                              • API String ID: 2395640692-629598281
                                                                                                                                                              • Opcode ID: 6900edcc1fa400eb38c1eb5f42e136e427448ac8628f1593a5b885d2bf070d95
                                                                                                                                                              • Instruction ID: ddeddd603ca61e1fb76f4aa01ac06116933edec61eacad89a07d2e68e4e17751
                                                                                                                                                              • Opcode Fuzzy Hash: 6900edcc1fa400eb38c1eb5f42e136e427448ac8628f1593a5b885d2bf070d95
                                                                                                                                                              • Instruction Fuzzy Hash: B851C632E0960296EB14EF55E444A7ABB95FB50BC8FA08138DE1E47758DF78E941C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PySequence_Size.PYTHON310(00000000,00007FFC60EF77F8,00000000,00007FFC6087FB78), ref: 00007FFC6087FBF0
                                                                                                                                                              • PySequence_GetItem.PYTHON310 ref: 00007FFC6087FC23
                                                                                                                                                                • Part of subcall function 00007FFC6087FCAC: PyMapping_Check.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FCD1
                                                                                                                                                                • Part of subcall function 00007FFC6087FCAC: PyMapping_GetItemString.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FCEB
                                                                                                                                                                • Part of subcall function 00007FFC6087FCAC: PyLong_AsUnsignedLongLong.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FD00
                                                                                                                                                                • Part of subcall function 00007FFC6087FCAC: PyErr_Occurred.PYTHON310(?,?,?,?,?,?,?,00007FFC6087FC3F), ref: 00007FFC6087FD13
                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 00007FFC608853DD
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_ItemLongMapping_Sequence_$CheckFormatLong_OccurredSizeStringUnsigned
                                                                                                                                                              • String ID: Too many filters - liblzma supports a maximum of %d
                                                                                                                                                              • API String ID: 1062705235-2617632755
                                                                                                                                                              • Opcode ID: 1080529dd15ba81415bc5f107ce17588a7d1efff25946e9705e92833aaacb3f1
                                                                                                                                                              • Instruction ID: 11e8326ee0f1adb0cb21f8b98c3123f5321ceb0db8c4183c4a839a9dcd176c83
                                                                                                                                                              • Opcode Fuzzy Hash: 1080529dd15ba81415bc5f107ce17588a7d1efff25946e9705e92833aaacb3f1
                                                                                                                                                              • Instruction Fuzzy Hash: 9A214161A8C66AC4E655CB2768401796250BF99BF5F190730ED3E567D6DE3CE049C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00007FFC7FFC6087F6D0(void* __rcx, void* __rdx, void* __r9) {
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				char _v152;
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t6;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				void* _t13;
                                                                                                                                                              				signed long long _t18;
                                                                                                                                                              				signed long long _t19;
                                                                                                                                                              				void* _t29;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              				signed long long _t31;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              
                                                                                                                                                              				_t32 = __r9;
                                                                                                                                                              				_t18 =  *0x60893008; // 0x43705f8cd96c
                                                                                                                                                              				_t19 = _t18 ^ _t31;
                                                                                                                                                              				_v40 = _t19;
                                                                                                                                                              				_t13 = _t32 - __imp___Py_NoneStruct; // 0x7ffc60ef77f8
                                                                                                                                                              				r10d = r8d;
                                                                                                                                                              				_t29 = __rcx;
                                                                                                                                                              				if (_t13 != 0) goto 0x608852e4;
                                                                                                                                                              				if (E00007FFC7FFC608804F8(r8d, _t19,  &_v152, _t30, __r9, _t33) != 0) goto 0x608852ca;
                                                                                                                                                              				_t6 = E00007FFC7FFC6087F760(E00007FFC7FFC608804F8(r8d, _t19,  &_v152, _t30, __r9, _t33), __rdx, __rdx,  &_v152);
                                                                                                                                                              				__imp__PyErr_Occurred();
                                                                                                                                                              				if (_t19 != 0) goto 0x6087f759;
                                                                                                                                                              				if (E00007FFC7FFC608784E4(_t6, _t29) != 0) goto 0x6087f759;
                                                                                                                                                              				return E00007FFC7FFC60882EC0(_t7, _t10, _v40 ^ _t31);
                                                                                                                                                              			}
















                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_$FormatOccurred
                                                                                                                                                              • String ID: Invalid compression preset: %u$Invalid filter chain for FORMAT_ALONE - must be a single LZMA1 filter
                                                                                                                                                              • API String ID: 4038069558-4068623215
                                                                                                                                                              • Opcode ID: 96cf2e1ca3f010a80e08bf21fc9f52e6ffae3d7de764e770f9a589263fce165f
                                                                                                                                                              • Instruction ID: e565fb58697222914669882c096f6b8f394faf102260a9ce62d0d310cff227e0
                                                                                                                                                              • Opcode Fuzzy Hash: 96cf2e1ca3f010a80e08bf21fc9f52e6ffae3d7de764e770f9a589263fce165f
                                                                                                                                                              • Instruction Fuzzy Hash: EF214C15A8CBAAC1EA24D726E4403792260BF9D7E5F410232D96E667D6DF2CE40DC720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00007FFC60FFEEF8), ref: 00007FFC60FFD631
                                                                                                                                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00007FFC60FFEEF8), ref: 00007FFC60FFD63D
                                                                                                                                                                • Part of subcall function 00007FFC60FFD710: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FFC60FFD721
                                                                                                                                                              • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,?,00007FFC60FFEEF8), ref: 00007FFC60FFD66F
                                                                                                                                                              • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00007FFC60FFEEF8), ref: 00007FFC60FFD690
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                              • Opcode ID: a7527d7c958e88b7a470d175e70615f5c762764475a5e5c50c5f4dd4f1ad084e
                                                                                                                                                              • Instruction ID: 3781a8ab8bffb6ad1d0aa04cafac7db41c1b6cc37b6d8f03d96f7db96d93c1b3
                                                                                                                                                              • Opcode Fuzzy Hash: a7527d7c958e88b7a470d175e70615f5c762764475a5e5c50c5f4dd4f1ad084e
                                                                                                                                                              • Instruction Fuzzy Hash: 73118E36A1CA59C2EB208F56E4457A97360FB88F9AF104135DE4E47714CF3CD854CB21
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                              • Opcode ID: f4d1d4ada2980999414c083bf883c8cbbe26688c97fecdee198fdf72bb517a28
                                                                                                                                                              • Instruction ID: 46675544313bf9791096704b5ddab8cc6e53f90febf6cd2046eeb08168e03f48
                                                                                                                                                              • Opcode Fuzzy Hash: f4d1d4ada2980999414c083bf883c8cbbe26688c97fecdee198fdf72bb517a28
                                                                                                                                                              • Instruction Fuzzy Hash: 58F06262E1971281FB14ABA4E84537AA360FF59761FE40635CA6E452F4DF3CD448D320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                              • Opcode ID: d87a420c425093582bf0768a505271f7d8736b4892105bec4a5daca04c7c3215
                                                                                                                                                              • Instruction ID: c04bee670d083c35fd7c55ad35ebb9ea15841ef6ebe24390e66c7871a76b2f14
                                                                                                                                                              • Opcode Fuzzy Hash: d87a420c425093582bf0768a505271f7d8736b4892105bec4a5daca04c7c3215
                                                                                                                                                              • Instruction Fuzzy Hash: 0C119122EDCF3BC5F656916CE84637513406F56374F470A35E97E663E68E2CA881C122
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E00007FF77FF78EC8874C(void* __eax, void* __ebx, signed int __ecx, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rdi, long long __rsi, long long _a8, long long _a16) {
                                                                                                                                                              				signed int _t44;
                                                                                                                                                              				signed int _t45;
                                                                                                                                                              				signed int _t46;
                                                                                                                                                              				signed int _t48;
                                                                                                                                                              
                                                                                                                                                              				_t54 = __rcx;
                                                                                                                                                              				_t52 = __rbx;
                                                                                                                                                              				_t51 = __rax;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				if ((__ecx & 0x00000008) == 0) goto 0x8ec8877e;
                                                                                                                                                              				if (sil >= 0) goto 0x8ec8877e;
                                                                                                                                                              				E00007FF77FF78EC88EE4(__rax, __rbx, __rcx);
                                                                                                                                                              				goto 0x8ec887d5;
                                                                                                                                                              				_t44 = 0x00000004 & dil;
                                                                                                                                                              				if (_t44 == 0) goto 0x8ec88799;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t44 >= 0) goto 0x8ec88799;
                                                                                                                                                              				E00007FF77FF78EC88EE4(__rax, __rbx, __rcx);
                                                                                                                                                              				goto 0x8ec887d5;
                                                                                                                                                              				_t45 = dil & 0x00000001;
                                                                                                                                                              				if (_t45 == 0) goto 0x8ec887b5;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t45 >= 0) goto 0x8ec887b5;
                                                                                                                                                              				E00007FF77FF78EC88EE4(__rax, _t52, __rcx);
                                                                                                                                                              				goto 0x8ec887d5;
                                                                                                                                                              				_t46 = dil & 0x00000002;
                                                                                                                                                              				if (_t46 == 0) goto 0x8ec887d5;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t46 >= 0) goto 0x8ec887d5;
                                                                                                                                                              				if ((dil & 0x00000010) == 0) goto 0x8ec887d2;
                                                                                                                                                              				E00007FF77FF78EC88EE4(_t51, _t52, _t54);
                                                                                                                                                              				_t48 = dil & 0x00000010;
                                                                                                                                                              				if (_t48 == 0) goto 0x8ec887ef;
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				if (_t48 >= 0) goto 0x8ec887ef;
                                                                                                                                                              				E00007FF77FF78EC88EE4(_t51, _t52, _t54);
                                                                                                                                                              				return;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                              • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                              • Instruction ID: 7d5c1ccc49f8429606bd752d0badddabb6bee1496051485e9de8bf1adc0b573b
                                                                                                                                                              • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                              • Instruction Fuzzy Hash: B3119027E58A6202F66431AAD64737580617F54374FE40631F6AE06EDADF3C6840C134
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7AD0F
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7AD2E
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7AD56
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7AD67
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF78EC79F0F,?,?,00000000,00007FF78EC7A1AA,?,?,?,?,?,00007FF78EC71866), ref: 00007FF78EC7AD78
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Value
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                              • Opcode ID: 6728b7d977397776de26f75ab37ffda3896520667df03ebd1ec06d9289aa86ed
                                                                                                                                                              • Instruction ID: 9aafed39d83cf9285ea7c8e07a087652e416a78d0e2f522f043178b8a20b0547
                                                                                                                                                              • Opcode Fuzzy Hash: 6728b7d977397776de26f75ab37ffda3896520667df03ebd1ec06d9289aa86ed
                                                                                                                                                              • Instruction Fuzzy Hash: A2115921E0C60245FB59BBA9DD451BAD242BF557B0FA49738E83E066D6EF3CF401C220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F), ref: 00007FF78EC7AB95
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F), ref: 00007FF78EC7ABB4
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F), ref: 00007FF78EC7ABDC
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F), ref: 00007FF78EC7ABED
                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF78EC827C7,?,?,?,00007FF78EC7D060,?,?,00000000,00007FF78EC7360F), ref: 00007FF78EC7ABFE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Value
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                              • Opcode ID: 0ec0e55cd492d785cc6101c1277f9bff6f61e17e090361b6a6b80eeb1b6637d2
                                                                                                                                                              • Instruction ID: 222c12681337dd487b3194eceed61e1be3800942471a6afa3c9aefd0bf3c0483
                                                                                                                                                              • Opcode Fuzzy Hash: 0ec0e55cd492d785cc6101c1277f9bff6f61e17e090361b6a6b80eeb1b6637d2
                                                                                                                                                              • Instruction Fuzzy Hash: 6A11DA21E0D20746FA587AE9DC111B992466F45774EF49B39E93D1A2D2EF3DF841C220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Dealloc$Module_State
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3434497292-0
                                                                                                                                                              • Opcode ID: 3fa7ef51a04d4a79dd6fe26c0949162ce7c8410eb6a9896d66d75aacbc1dd113
                                                                                                                                                              • Instruction ID: 2ac7ab24971085aa6bea2a4d496d228e9fb7bacb9428ab1da76c8c8581fdae0a
                                                                                                                                                              • Opcode Fuzzy Hash: 3fa7ef51a04d4a79dd6fe26c0949162ce7c8410eb6a9896d66d75aacbc1dd113
                                                                                                                                                              • Instruction Fuzzy Hash: F011F766E9EA2AC1FF69DF74985833822A0BF5CB54F1A4134C91E257918F3CED48D320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00007FF77FF78EC7F554(void* __ebp, long long __rbx, signed int* __rcx, void* __rdx, long long __rdi, long long __rsi) {
                                                                                                                                                              				signed int _t31;
                                                                                                                                                              				signed int _t33;
                                                                                                                                                              				signed int _t36;
                                                                                                                                                              				signed int _t49;
                                                                                                                                                              				signed int _t56;
                                                                                                                                                              				void* _t61;
                                                                                                                                                              				void* _t84;
                                                                                                                                                              				signed int _t90;
                                                                                                                                                              				void* _t91;
                                                                                                                                                              				signed int _t95;
                                                                                                                                                              				signed int _t110;
                                                                                                                                                              				intOrPtr* _t130;
                                                                                                                                                              				signed short* _t132;
                                                                                                                                                              				signed short* _t133;
                                                                                                                                                              				long long _t137;
                                                                                                                                                              				signed int _t139;
                                                                                                                                                              				signed short* _t143;
                                                                                                                                                              				signed short* _t144;
                                                                                                                                                              				void* _t145;
                                                                                                                                                              
                                                                                                                                                              				_t110 = _t139;
                                                                                                                                                              				 *((long long*)(_t110 + 8)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t110 + 0x10)) = _t137;
                                                                                                                                                              				 *((long long*)(_t110 + 0x18)) = __rsi;
                                                                                                                                                              				 *((long long*)(_t110 + 0x20)) = __rdi;
                                                                                                                                                              				 *__rcx = _t110;
                                                                                                                                                              				__rcx[2] = 0;
                                                                                                                                                              				r14d = 0x20;
                                                                                                                                                              				_t31 =  *0x8ecaca0c; // 0x0
                                                                                                                                                              				__rcx[1] = _t31;
                                                                                                                                                              				goto 0x8ec7f597;
                                                                                                                                                              				_t143 = __rdx + 2;
                                                                                                                                                              				_t33 =  *_t143 & 0x0000ffff;
                                                                                                                                                              				if (_t33 == r14w) goto 0x8ec7f58f;
                                                                                                                                                              				if (_t33 == 0x61) goto 0x8ec7f5c4;
                                                                                                                                                              				if (_t33 == 0x72) goto 0x8ec7f5bb;
                                                                                                                                                              				if (_t33 != 0x77) goto 0x8ec7f828;
                                                                                                                                                              				 *__rcx = 0x301;
                                                                                                                                                              				goto 0x8ec7f5ca;
                                                                                                                                                              				__rcx[1] = 1;
                                                                                                                                                              				goto 0x8ec7f5d1;
                                                                                                                                                              				 *__rcx = 0x109;
                                                                                                                                                              				__rcx[1] = 2;
                                                                                                                                                              				_t144 =  &(_t143[1]);
                                                                                                                                                              				r9b = bpl;
                                                                                                                                                              				dil = bpl;
                                                                                                                                                              				r10b = bpl;
                                                                                                                                                              				r11b = bpl;
                                                                                                                                                              				_t9 = _t137 + 0xa; // 0xa
                                                                                                                                                              				if ( *_t144 == 0) goto 0x8ec7f73a;
                                                                                                                                                              				_t56 =  *_t144 & 0x0000ffff;
                                                                                                                                                              				_t84 = _t56 - 0x53;
                                                                                                                                                              				if (_t84 > 0) goto 0x8ec7f6a4;
                                                                                                                                                              				if (_t84 == 0) goto 0x8ec7f68d;
                                                                                                                                                              				if (_t84 == 0) goto 0x8ec7f725;
                                                                                                                                                              				if (_t84 == 0) goto 0x8ec7f65b;
                                                                                                                                                              				if (_t84 == 0) goto 0x8ec7f653;
                                                                                                                                                              				if (_t84 == 0) goto 0x8ec7f641;
                                                                                                                                                              				_t61 = _t56 - r14d - 0xfffffffffffffff2 - _t9;
                                                                                                                                                              				if (_t84 == 0) goto 0x8ec7f638;
                                                                                                                                                              				if (_t61 != 4) goto 0x8ec7f828;
                                                                                                                                                              				if (r10b != 0) goto 0x8ec7f718;
                                                                                                                                                              				 *__rcx =  *__rcx | 0x00000010;
                                                                                                                                                              				goto 0x8ec7f699;
                                                                                                                                                              				asm("bts dword [ebx], 0x7");
                                                                                                                                                              				goto 0x8ec7f723;
                                                                                                                                                              				if (( *__rcx & 0x00000040) != 0) goto 0x8ec7f718;
                                                                                                                                                              				goto 0x8ec7f721;
                                                                                                                                                              				r11b = 1;
                                                                                                                                                              				goto 0x8ec7f718;
                                                                                                                                                              				if (dil != 0) goto 0x8ec7f718;
                                                                                                                                                              				_t36 =  *__rcx;
                                                                                                                                                              				dil = 1;
                                                                                                                                                              				if ((_t36 & 0x00000002) != 0) goto 0x8ec7f718;
                                                                                                                                                              				 *__rcx = _t36 & 0xfffffffe | 0x00000002;
                                                                                                                                                              				__rcx[1] = __rcx[1] & 0xfffffffc | 0x00000004;
                                                                                                                                                              				goto 0x8ec7f725;
                                                                                                                                                              				_t90 = r10b;
                                                                                                                                                              				if (_t90 != 0) goto 0x8ec7f718;
                                                                                                                                                              				 *__rcx =  *__rcx | r14d;
                                                                                                                                                              				r10b = 1;
                                                                                                                                                              				goto 0x8ec7f725;
                                                                                                                                                              				if (_t90 == 0) goto 0x8ec7f710;
                                                                                                                                                              				if (_t90 == 0) goto 0x8ec7f701;
                                                                                                                                                              				if (_t90 == 0) goto 0x8ec7f6ef;
                                                                                                                                                              				if (_t90 == 0) goto 0x8ec7f6e3;
                                                                                                                                                              				if (_t90 == 0) goto 0x8ec7f6d4;
                                                                                                                                                              				_t91 = _t61 - 0x34 - 4;
                                                                                                                                                              				if (_t91 != 0) goto 0x8ec7f828;
                                                                                                                                                              				asm("bt eax, 0x9");
                                                                                                                                                              				if (_t91 >= 0) goto 0x8ec7f718;
                                                                                                                                                              				asm("bts eax, 0xa");
                                                                                                                                                              				goto 0x8ec7f721;
                                                                                                                                                              				if (( *__rcx & 0x0000c000) != 0) goto 0x8ec7f718;
                                                                                                                                                              				asm("bts eax, 0xe");
                                                                                                                                                              				goto 0x8ec7f721;
                                                                                                                                                              				if (r9b != 0) goto 0x8ec7f718;
                                                                                                                                                              				asm("btr dword [ebx+0x4], 0xb");
                                                                                                                                                              				goto 0x8ec7f6f9;
                                                                                                                                                              				if (r9b != 0) goto 0x8ec7f718;
                                                                                                                                                              				asm("bts dword [ebx+0x4], 0xb");
                                                                                                                                                              				r9b = 1;
                                                                                                                                                              				goto 0x8ec7f725;
                                                                                                                                                              				_t95 =  *__rcx & 0x0000c000;
                                                                                                                                                              				if (_t95 != 0) goto 0x8ec7f718;
                                                                                                                                                              				asm("bts eax, 0xf");
                                                                                                                                                              				goto 0x8ec7f721;
                                                                                                                                                              				asm("bt eax, 0xc");
                                                                                                                                                              				if (_t95 >= 0) goto 0x8ec7f71d;
                                                                                                                                                              				goto 0x8ec7f725;
                                                                                                                                                              				asm("bts eax, 0xc");
                                                                                                                                                              				asm("dec eax");
                                                                                                                                                              				_t145 = _t144 + __rcx;
                                                                                                                                                              				if (1 != 0) goto 0x8ec7f5e8;
                                                                                                                                                              				_t129 =  ==  ? _t145 : _t145 + 2;
                                                                                                                                                              				goto 0x8ec7f74b;
                                                                                                                                                              				_t130 = ( ==  ? _t145 : _t145 + 2) + 2;
                                                                                                                                                              				if ( *_t130 == r14w) goto 0x8ec7f747;
                                                                                                                                                              				if (r11b != 0) goto 0x8ec7f768;
                                                                                                                                                              				if ( *_t130 != 0) goto 0x8ec7f828;
                                                                                                                                                              				__rcx[2] = 1;
                                                                                                                                                              				goto 0x8ec7f838;
                                                                                                                                                              				r8d = 3;
                                                                                                                                                              				if (E00007FF77FF78EC79E9C( ~1, _t145) != 0) goto 0x8ec7f828;
                                                                                                                                                              				goto 0x8ec7f78f;
                                                                                                                                                              				_t132 = _t130 + 8;
                                                                                                                                                              				_t49 =  *_t132 & 0x0000ffff;
                                                                                                                                                              				if (_t49 == r14w) goto 0x8ec7f78b;
                                                                                                                                                              				if (_t49 != 0x3d) goto 0x8ec7f828;
                                                                                                                                                              				_t133 =  &(_t132[1]);
                                                                                                                                                              				if ( *_t133 == r14w) goto 0x8ec7f7a2;
                                                                                                                                                              				r8d = 5;
                                                                                                                                                              				if (E00007FF77FF78EC85418(_t110, _t133) != 0) goto 0x8ec7f7cb;
                                                                                                                                                              				asm("bts dword [ebx], 0x12");
                                                                                                                                                              				goto 0x8ec7f80d;
                                                                                                                                                              				r8d = 8;
                                                                                                                                                              				if (E00007FF77FF78EC85418(_t110, _t133) != 0) goto 0x8ec7f7ed;
                                                                                                                                                              				asm("bts dword [ebx], 0x11");
                                                                                                                                                              				goto 0x8ec7f80d;
                                                                                                                                                              				r8d = 7;
                                                                                                                                                              				if (E00007FF77FF78EC85418(_t110, _t133) != 0) goto 0x8ec7f828;
                                                                                                                                                              				asm("bts dword [ebx], 0x10");
                                                                                                                                                              				goto 0x8ec7f817;
                                                                                                                                                              				if (( *(_t133 + __rsi + 2) & 0x0000ffff) == r14w) goto 0x8ec7f813;
                                                                                                                                                              				goto 0x8ec7f759;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t110);
                                                                                                                                                              				 *_t110 = 0x16;
                                                                                                                                                              				return E00007FF77FF78EC7A250();
                                                                                                                                                              			}























                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                              • Opcode ID: 4c5a14b365211e3e93dbed1b4a307768974a75985a14d7ac45fb1570d02ad6a4
                                                                                                                                                              • Instruction ID: 1255c9a2c2b36b2aa7d11aa81700c00519a93a821b246fdbfee5d9107a6b726a
                                                                                                                                                              • Opcode Fuzzy Hash: 4c5a14b365211e3e93dbed1b4a307768974a75985a14d7ac45fb1570d02ad6a4
                                                                                                                                                              • Instruction Fuzzy Hash: 2781AF72E0C28A85FB656FADD99027CA6A0FB11B88FF58035CA0957294DF3DE801D761
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF78EC6D398(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9) {
                                                                                                                                                              				void* _t19;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				void* _t42;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              				void* _t52;
                                                                                                                                                              				void* _t54;
                                                                                                                                                              				void* _t56;
                                                                                                                                                              				void* _t59;
                                                                                                                                                              
                                                                                                                                                              				_t27 = _t45;
                                                                                                                                                              				 *((long long*)(_t27 + 0x20)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t27 + 0x18)) = __r8;
                                                                                                                                                              				 *((long long*)(_t27 + 0x10)) = __rdx;
                                                                                                                                                              				_t43 = _t27 - 0x3f;
                                                                                                                                                              				_t46 = _t45 - 0xc0;
                                                                                                                                                              				if ( *__rcx == 0x80000003) goto 0x8ec6d43c;
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t27);
                                                                                                                                                              				r12d =  *((intOrPtr*)(_t43 + 0x6f));
                                                                                                                                                              				if ( *((long long*)(_t27 + 0x10)) == 0) goto 0x8ec6d457;
                                                                                                                                                              				__imp__EncodePointer(_t59, _t56, _t54, _t52, _t36, _t39, _t42);
                                                                                                                                                              				E00007FF77FF78EC6BFB0(_t27);
                                                                                                                                                              				if ( *((intOrPtr*)(_t27 + 0x10)) == _t27) goto 0x8ec6d457;
                                                                                                                                                              				if ( *__rcx == 0xe0434f4d) goto 0x8ec6d457;
                                                                                                                                                              				r13d =  *((intOrPtr*)(_t43 + 0x77));
                                                                                                                                                              				if ( *__rcx == 0xe0434352) goto 0x8ec6d45b;
                                                                                                                                                              				 *((intOrPtr*)(_t46 + 0x38)) = r12d;
                                                                                                                                                              				 *((long long*)(_t46 + 0x30)) =  *((intOrPtr*)(_t43 + 0x7f));
                                                                                                                                                              				 *((intOrPtr*)(_t46 + 0x28)) = r13d;
                                                                                                                                                              				 *((long long*)(_t46 + 0x20)) =  *((intOrPtr*)(_t43 + 0x67));
                                                                                                                                                              				_t19 = E00007FF77FF78EC6C458(__rcx,  *((intOrPtr*)(_t43 + 0x4f)), __r8, __r9);
                                                                                                                                                              				if (_t19 == 0) goto 0x8ec6d45b;
                                                                                                                                                              				return _t19;
                                                                                                                                                              			}
















                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                              • Opcode ID: b811f9d035f1e051f4446d81a48ba224ae6f3274d3e91807cb4f46dd0d23d8c6
                                                                                                                                                              • Instruction ID: 344e3b50cd80a5cf331a7e8ccd17df615961743d9959d4305d636d02a62c11a3
                                                                                                                                                              • Opcode Fuzzy Hash: b811f9d035f1e051f4446d81a48ba224ae6f3274d3e91807cb4f46dd0d23d8c6
                                                                                                                                                              • Instruction Fuzzy Hash: D4615D72E08B458AE710AFA5D4407AEBBA0FB44B8CF644229EF4D17BA5CF38E555C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFC60FCF23F), ref: 00007FFC60FCD648
                                                                                                                                                              • CompareStringW.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFC60FCF23F), ref: 00007FFC60FCD710
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressCompareProcString
                                                                                                                                                              • String ID: AppPolicyGetThreadInitializationType$CompareStringEx
                                                                                                                                                              • API String ID: 108076903-1200376162
                                                                                                                                                              • Opcode ID: aa9721124bbc1be26fdb9ae6b67df0e1d7e2398948356b7dae4485f8b19b2e75
                                                                                                                                                              • Instruction ID: 24ad801bce3ea5c9e1d830fb5a57ec4a985082e01bfc30cc4016b8be257a50a2
                                                                                                                                                              • Opcode Fuzzy Hash: aa9721124bbc1be26fdb9ae6b67df0e1d7e2398948356b7dae4485f8b19b2e75
                                                                                                                                                              • Instruction Fuzzy Hash: A631BE21B8CA69C2EB54CB25E8017AA63E0BB48FE4F054235EE5D57798EF3CE845C750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E00007FFC7FFC60882A30(void* __rax, long long __rbx, intOrPtr* __rcx, long long _a8) {
                                                                                                                                                              				void* _t7;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				intOrPtr* _t45;
                                                                                                                                                              				intOrPtr* _t46;
                                                                                                                                                              				void* _t47;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_t45 = __rcx;
                                                                                                                                                              				__imp__PyDict_New();
                                                                                                                                                              				if (__rax == 0) goto 0x60882b4e;
                                                                                                                                                              				_t51 =  *__rcx;
                                                                                                                                                              				if (E00007FFC7FFC60882B54(_t7, __rax, __rax, __rax, 0x60893060, _t47,  *__rcx) == 0xffffffff) goto 0x60885a82;
                                                                                                                                                              				if ( *_t45 == 3) goto 0x60885ac1;
                                                                                                                                                              				if ( *_t45 == 4) goto 0x60885aae;
                                                                                                                                                              				if ( *_t45 == 5) goto 0x60885aae;
                                                                                                                                                              				if ( *_t45 == 6) goto 0x60885aae;
                                                                                                                                                              				if ( *_t45 == 7) goto 0x60885aae;
                                                                                                                                                              				if ( *_t45 == 8) goto 0x60885aae;
                                                                                                                                                              				if ( *_t45 == 9) goto 0x60885aae;
                                                                                                                                                              				if ( *_t45 == 0x21) goto 0x60885a9b;
                                                                                                                                                              				if ( *_t45 != 0x1) goto 0x60885a68;
                                                                                                                                                              				_t46 =  *((intOrPtr*)(_t45 + 8));
                                                                                                                                                              				r8d =  *((intOrPtr*)(_t46 + 0x14));
                                                                                                                                                              				if (E00007FFC7FFC60882B54(_t8, 0x1, __rax, __rax, 0x60893080, _t47, _t51) == 0xffffffff) goto 0x60885a82;
                                                                                                                                                              				r8d =  *((intOrPtr*)(_t46 + 0x18));
                                                                                                                                                              				if (E00007FFC7FFC60882B54(_t9, 0x1, __rax, __rax, 0x60893050, _t47, _t51) == 0xffffffff) goto 0x60885a82;
                                                                                                                                                              				r8d =  *((intOrPtr*)(_t46 + 0x1c));
                                                                                                                                                              				if (E00007FFC7FFC60882B54(_t10, 0x1, __rax, __rax, 0x60893040, _t47, _t51) == 0xffffffff) goto 0x60885a82;
                                                                                                                                                              				r8d =  *_t46;
                                                                                                                                                              				_t12 = E00007FFC7FFC60882B54(_t11, 0x1, __rax, __rax, 0x60893070, _t47, _t51);
                                                                                                                                                              				if (_t12 == 0xffffffff) goto 0x60885a82;
                                                                                                                                                              				return _t12;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              • PyDict_New.PYTHON310(?,?,?,00007FFC60882A0E,?,?,?,?,00000000,00007FFC60882999), ref: 00007FFC60882A3D
                                                                                                                                                                • Part of subcall function 00007FFC60882B54: PyLong_FromUnsignedLongLong.PYTHON310(?,?,?,00007FFC60882A61,?,?,?,00007FFC60882A0E,?,?,?,?,00000000,00007FFC60882999), ref: 00007FFC60882B6C
                                                                                                                                                                • Part of subcall function 00007FFC60882B54: _PyDict_SetItemId.PYTHON310(?,?,?,00007FFC60882A61,?,?,?,00007FFC60882A0E,?,?,?,?,00000000,00007FFC60882999), ref: 00007FFC60882B83
                                                                                                                                                              • PyErr_Format.PYTHON310(?,?,?,00007FFC60882A0E,?,?,?,?,00000000,00007FFC60882999), ref: 00007FFC60885A7C
                                                                                                                                                              • _Py_Dealloc.PYTHON310(?,?,?,00007FFC60882A0E,?,?,?,?,00000000,00007FFC60882999), ref: 00007FFC60885A8F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Dict_Long$DeallocErr_FormatFromItemLong_Unsigned
                                                                                                                                                              • String ID: Invalid filter ID: %llu
                                                                                                                                                              • API String ID: 4092983888-255534617
                                                                                                                                                              • Opcode ID: 02f90e097727a90f364709a2ffa96d8793c5f1fcc7efac9aca69cdc4377c510a
                                                                                                                                                              • Instruction ID: 3883c069663299f6c1c134201cc2750a05f957c562a815910b1a492bb1f491ec
                                                                                                                                                              • Opcode Fuzzy Hash: 02f90e097727a90f364709a2ffa96d8793c5f1fcc7efac9aca69cdc4377c510a
                                                                                                                                                              • Instruction Fuzzy Hash: 2741DC31A8CB2BD1EA29DF1995841782360FF0D7A4B465231C61E677A4EF2CE96DC320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,00000000,00007FFC60F72DA4,?,?,?,00007FFC60FB3A07,?,?,?,?,00007FFC60F7720A,?,?,?), ref: 00007FFC60F733D9
                                                                                                                                                              • TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00007FFC60F72DA4,?,?,?,00007FFC60FB3A07,?,?,?,?,00007FFC60F7720A,?,?,?), ref: 00007FFC60FABC5E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressProcValue
                                                                                                                                                              • String ID: FlsGetValue$LCMapStringEx
                                                                                                                                                              • API String ID: 1414840956-552164261
                                                                                                                                                              • Opcode ID: 057292a9f8eaf09dec05bf75a1bb2fd3eb35b4e290f2ce56d0f51df6153956ce
                                                                                                                                                              • Instruction ID: 20beb0289a8d492710b1d6c7cfa1d7904d5934175dc3e6118349ad9f6bda9953
                                                                                                                                                              • Opcode Fuzzy Hash: 057292a9f8eaf09dec05bf75a1bb2fd3eb35b4e290f2ce56d0f51df6153956ce
                                                                                                                                                              • Instruction Fuzzy Hash: 1F210020B0D72AC2FF448B19E8541382392AF48FB1F055B38C92E573D8DE2CE449C321
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                              			E00007FF77FF78EC62CB0(void* __ecx, void* __fp0, void* __rcx, char _a24, signed int _a8216) {
                                                                                                                                                              				void* __rbx;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				void* _t21;
                                                                                                                                                              				signed long long _t22;
                                                                                                                                                              				signed long long _t23;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              				void* _t35;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				void* _t40;
                                                                                                                                                              				void* _t41;
                                                                                                                                                              				void* _t42;
                                                                                                                                                              
                                                                                                                                                              				E00007FF77FF78EC6A070(0x2030, _t21, _t41, _t42);
                                                                                                                                                              				_t22 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t23 = _t22 ^ _t36 - _t21;
                                                                                                                                                              				_a8216 = _t23;
                                                                                                                                                              				_t24 = __rcx;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				if (GetModuleFileNameW(??, ??, ??) != 0) goto 0x8ec62d02;
                                                                                                                                                              				E00007FF77FF78EC61CB0("GetModuleFileNameW", "Failed to get executable path.\n", _t39, _t40);
                                                                                                                                                              				goto 0x8ec62d2f;
                                                                                                                                                              				r8d = 0x1000;
                                                                                                                                                              				_t10 = E00007FF77FF78EC66E20(0, __fp0, _t24, _t24,  &_a24, _t34, _t35, _t39);
                                                                                                                                                              				if (_t23 != 0) goto 0x8ec62d2a;
                                                                                                                                                              				E00007FF77FF78EC61C50(_t10, 0, __fp0, _t23, "Failed to convert executable path to UTF-8.\n",  &_a24, _t39, _t40);
                                                                                                                                                              				goto 0x8ec62d2f;
                                                                                                                                                              				return E00007FF77FF78EC6A040(1, 0, _a8216 ^ _t36 - _t21);
                                                                                                                                                              			}

















                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF78EC627A9,?,?,?,?,?,?), ref: 00007FF78EC62CE1
                                                                                                                                                                • Part of subcall function 00007FF78EC61CB0: GetLastError.KERNEL32(?,?,00000000,00007FF78EC66864,?,?,?,?,?,?,?,?,?,?,?,00007FF78EC61023), ref: 00007FF78EC61CD7
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastModuleName
                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                              • API String ID: 2776309574-1977442011
                                                                                                                                                              • Opcode ID: 0cff5fcce7856d25588ac3ac501d08191fab4f7710d19473910b57b7792c85b8
                                                                                                                                                              • Instruction ID: 4ed4d230c5822de5a0ca8173e066d5a3b5a2302273fc6ee52a4493869ed2df2e
                                                                                                                                                              • Opcode Fuzzy Hash: 0cff5fcce7856d25588ac3ac501d08191fab4f7710d19473910b57b7792c85b8
                                                                                                                                                              • Instruction Fuzzy Hash: 9F018421F1D64295FA65B7A0E8153F79291BF58384FE00439DD4E866A6EF3CE104C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PyLong_AsUnsignedLongLong.PYTHON310(?,?,00000006,00007FFC6087FE48), ref: 00007FFC60880F65
                                                                                                                                                              • PyErr_Occurred.PYTHON310(?,?,00000006,00007FFC6087FE48), ref: 00007FFC60880F6E
                                                                                                                                                              • PyErr_SetString.PYTHON310(?,?,00000006,00007FFC6087FE48), ref: 00007FFC60885723
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                                              • String ID: Value too large for uint32_t type
                                                                                                                                                              • API String ID: 944333170-1712686559
                                                                                                                                                              • Opcode ID: d33b282b86ab7943e29c954141a95f9a9e46f931ae877c3def03cda94fcc601f
                                                                                                                                                              • Instruction ID: 97581a24854fdc7d839f8d5a6de52721e751bdb28a0451c4a78a1789b047d0e5
                                                                                                                                                              • Opcode Fuzzy Hash: d33b282b86ab7943e29c954141a95f9a9e46f931ae877c3def03cda94fcc601f
                                                                                                                                                              • Instruction Fuzzy Hash: A8F05E20B8D61BC6EB60DB15F4841352360BB4CB84F058030EA0E56361EF3CE84CC720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                                              • String ID: Value too large for lzma_match_finder type
                                                                                                                                                              • API String ID: 944333170-1161044407
                                                                                                                                                              • Opcode ID: 4086c47cd6e7815f8148df810710cdc45b33633cb648597e27ca0eea8bd09408
                                                                                                                                                              • Instruction ID: f77a6482f66ecea96d6258b6aaba20d8955a4766740ad267e5153fb7c6e21c2b
                                                                                                                                                              • Opcode Fuzzy Hash: 4086c47cd6e7815f8148df810710cdc45b33633cb648597e27ca0eea8bd09408
                                                                                                                                                              • Instruction Fuzzy Hash: 4DF03421B8C72AC2EA50CB15F58413823A1BF4CB84F0A4435DA0E26361DF3CE898CB20
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                                              • String ID: Value too large for lzma_mode type
                                                                                                                                                              • API String ID: 944333170-1290617251
                                                                                                                                                              • Opcode ID: dcc1551f3ad05c8d1233d96a3a6489de10d3a06da822f928179e18d0b042b23e
                                                                                                                                                              • Instruction ID: b2b6b19025e7cc0afde48345b7ef226df9d9dc6235859977d8166da4975b60e5
                                                                                                                                                              • Opcode Fuzzy Hash: dcc1551f3ad05c8d1233d96a3a6489de10d3a06da822f928179e18d0b042b23e
                                                                                                                                                              • Instruction Fuzzy Hash: E6F0D421B9C76BC2EA548F55F5841386361BF4CB85F1A9034DA1F56360DE3CE498C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                              			E00007FFC7FFC60F73220(signed long long __rax, long long __rbx, long long __rsi) {
                                                                                                                                                              				long _t11;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				long _t14;
                                                                                                                                                              				void* _t15;
                                                                                                                                                              				intOrPtr _t18;
                                                                                                                                                              				intOrPtr _t19;
                                                                                                                                                              				intOrPtr _t21;
                                                                                                                                                              				signed long long _t26;
                                                                                                                                                              				signed long long _t28;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				signed long long _t34;
                                                                                                                                                              				long long _t37;
                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                              				long long _t40;
                                                                                                                                                              				void* _t44;
                                                                                                                                                              
                                                                                                                                                              				_t37 = __rsi;
                                                                                                                                                              				_t31 = __rbx;
                                                                                                                                                              				_t28 = __rax;
                                                                                                                                                              				 *((long long*)(_t44 + 0x10)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t44 + 0x18)) = _t40;
                                                                                                                                                              				_t11 = GetLastError();
                                                                                                                                                              				_t18 =  *0x6104f484; // 0x6
                                                                                                                                                              				if (_t18 == 0xffffffff) goto 0x60f732e4;
                                                                                                                                                              				_t12 = E00007FFC7FFC60F73360(_t11, _t18, __rbx, __rsi, _t33);
                                                                                                                                                              				_t34 = _t28;
                                                                                                                                                              				if (_t28 == 0) goto 0x60fb2eea;
                                                                                                                                                              				if (_t28 == 0xffffffff) goto 0x60f7331f;
                                                                                                                                                              				_t26 = _t34;
                                                                                                                                                              				if (_t26 == 0) goto 0x60f7331f;
                                                                                                                                                              				_t19 =  *0x6104f480; // 0x5
                                                                                                                                                              				E00007FFC7FFC60F73360(_t12, _t19, _t31, _t37);
                                                                                                                                                              				SetLastError(??);
                                                                                                                                                              				if (_t26 == 0) goto 0x60f73327;
                                                                                                                                                              				 *((long long*)(_t44 - 0x20 + 0x30)) = _t37;
                                                                                                                                                              				_t38 =  *((intOrPtr*)(_t28 * 0x3c8 + _t34 + 0x90));
                                                                                                                                                              				_t14 = GetLastError();
                                                                                                                                                              				_t21 =  *0x6104f480; // 0x5
                                                                                                                                                              				_t15 = E00007FFC7FFC60F73360(_t14, _t21, _t31, _t38);
                                                                                                                                                              				SetLastError(??);
                                                                                                                                                              				if (_t38 !=  *((intOrPtr*)(0x61050db0 + _t28 * 8))) goto 0x60fb2f0a;
                                                                                                                                                              				return _t15;
                                                                                                                                                              			}


















                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                                              • Opcode ID: 95e35b2fe7fb6bc5e969033803e6b2634b05f674bd949e16d4268eb74969d5e0
                                                                                                                                                              • Instruction ID: 2b4624213d0847afd1fecbe736bf993556f50ef41324f8887a34d38238815157
                                                                                                                                                              • Opcode Fuzzy Hash: 95e35b2fe7fb6bc5e969033803e6b2634b05f674bd949e16d4268eb74969d5e0
                                                                                                                                                              • Instruction Fuzzy Hash: 95316220E4C67AC6FB546BA5A5911B92355AF44FA2F050234D52E277D6DE2CE800C723
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                              			E00007FFC7FFC60F730C0(signed long long __rax, long long __rbx, long long __rsi) {
                                                                                                                                                              				long _t11;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				long _t14;
                                                                                                                                                              				intOrPtr _t19;
                                                                                                                                                              				intOrPtr _t20;
                                                                                                                                                              				intOrPtr _t22;
                                                                                                                                                              				signed long long _t27;
                                                                                                                                                              				signed long long _t29;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				signed long long _t34;
                                                                                                                                                              				long long _t37;
                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                              				long long _t40;
                                                                                                                                                              				void* _t44;
                                                                                                                                                              
                                                                                                                                                              				_t37 = __rsi;
                                                                                                                                                              				_t31 = __rbx;
                                                                                                                                                              				_t29 = __rax;
                                                                                                                                                              				 *((long long*)(_t44 + 0x10)) = __rbx;
                                                                                                                                                              				 *((long long*)(_t44 + 0x18)) = _t40;
                                                                                                                                                              				_t11 = GetLastError();
                                                                                                                                                              				_t19 =  *0x6104f484; // 0x6
                                                                                                                                                              				if (_t19 == 0xffffffff) goto 0x60f73180;
                                                                                                                                                              				_t12 = E00007FFC7FFC60F73360(_t11, _t19, __rbx, __rsi, _t33);
                                                                                                                                                              				_t34 = _t29;
                                                                                                                                                              				if (_t29 == 0) goto 0x60fb2eca;
                                                                                                                                                              				if (_t29 == 0xffffffff) goto 0x60f731bb;
                                                                                                                                                              				_t27 = _t34;
                                                                                                                                                              				if (_t27 == 0) goto 0x60f731bb;
                                                                                                                                                              				_t20 =  *0x6104f480; // 0x5
                                                                                                                                                              				E00007FFC7FFC60F73360(_t12, _t20, _t31, _t37);
                                                                                                                                                              				SetLastError(??);
                                                                                                                                                              				if (_t27 == 0) goto 0x60f731c3;
                                                                                                                                                              				 *((long long*)(_t44 - 0x20 + 0x30)) = _t37;
                                                                                                                                                              				_t38 =  *((intOrPtr*)(_t29 * 0x3c8 + _t34 + 0x90));
                                                                                                                                                              				_t14 = GetLastError();
                                                                                                                                                              				_t22 =  *0x6104f480; // 0x5
                                                                                                                                                              				E00007FFC7FFC60F73360(_t14, _t22, _t31, _t38);
                                                                                                                                                              				SetLastError(??);
                                                                                                                                                              				if (_t38 !=  *((intOrPtr*)(0x61050db0 + _t29 * 8))) goto 0x60f731ed;
                                                                                                                                                              				return  *((intOrPtr*)(_t38 + 0xc));
                                                                                                                                                              			}

















                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFC60F62468,?,?,00000000,?,00000000,00007FFC60F62036), ref: 00007FFC60F730CF
                                                                                                                                                              • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFC60F62468,?,?,00000000,?,00000000,00007FFC60F62036), ref: 00007FFC60F7311E
                                                                                                                                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFC60F62468,?,?,00000000,?,00000000,00007FFC60F62036), ref: 00007FFC60F73139
                                                                                                                                                              • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFC60F62468,?,?,00000000,?,00000000,00007FFC60F62036), ref: 00007FFC60F73151
                                                                                                                                                              • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFC60F62468,?,?,00000000,?,00000000,00007FFC60F62036), ref: 00007FFC60F731BD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                                              • Opcode ID: 4b072c4f41e0c29ffac2bdd6793fe4eaca542d2c3dc99b5baaaa218d0e2c50a0
                                                                                                                                                              • Instruction ID: 7f30073587cee242dffe401694e80493de6ee38336a4f7bb8c73bb6c060b72b3
                                                                                                                                                              • Opcode Fuzzy Hash: 4b072c4f41e0c29ffac2bdd6793fe4eaca542d2c3dc99b5baaaa218d0e2c50a0
                                                                                                                                                              • Instruction Fuzzy Hash: 80319320E4C63ED6FB54A7A5A9811792395AF44FA2F050634D52E277D6DE6CF800C333
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E00007FF77FF78EC7BF30(signed int __edx, void* __edi, long long __rbx, intOrPtr* __rcx, long long __r8) {
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				intOrPtr _t182;
                                                                                                                                                              				signed int _t186;
                                                                                                                                                              				signed int _t193;
                                                                                                                                                              				signed int _t198;
                                                                                                                                                              				void* _t212;
                                                                                                                                                              				signed char _t213;
                                                                                                                                                              				void* _t229;
                                                                                                                                                              				void* _t230;
                                                                                                                                                              				void* _t263;
                                                                                                                                                              				signed long long _t264;
                                                                                                                                                              				signed long long _t267;
                                                                                                                                                              				long long _t269;
                                                                                                                                                              				signed long long _t271;
                                                                                                                                                              				long long _t276;
                                                                                                                                                              				long long _t278;
                                                                                                                                                              				long long _t280;
                                                                                                                                                              				intOrPtr* _t289;
                                                                                                                                                              				intOrPtr _t294;
                                                                                                                                                              				long long _t295;
                                                                                                                                                              				long long _t318;
                                                                                                                                                              				void* _t326;
                                                                                                                                                              				long long _t327;
                                                                                                                                                              				void* _t328;
                                                                                                                                                              				long long _t329;
                                                                                                                                                              				intOrPtr* _t330;
                                                                                                                                                              				long long _t331;
                                                                                                                                                              				signed char* _t332;
                                                                                                                                                              				signed char* _t333;
                                                                                                                                                              				signed char* _t334;
                                                                                                                                                              				intOrPtr* _t335;
                                                                                                                                                              				void* _t336;
                                                                                                                                                              				void* _t337;
                                                                                                                                                              				signed long long _t338;
                                                                                                                                                              				intOrPtr _t341;
                                                                                                                                                              				signed long long _t343;
                                                                                                                                                              				void* _t345;
                                                                                                                                                              				intOrPtr* _t347;
                                                                                                                                                              				intOrPtr _t351;
                                                                                                                                                              				signed long long _t356;
                                                                                                                                                              				signed long long _t359;
                                                                                                                                                              				signed long long _t361;
                                                                                                                                                              				void* _t364;
                                                                                                                                                              				long long _t365;
                                                                                                                                                              				long long _t367;
                                                                                                                                                              				char _t368;
                                                                                                                                                              				void* _t372;
                                                                                                                                                              				signed char* _t373;
                                                                                                                                                              				signed long long _t375;
                                                                                                                                                              
                                                                                                                                                              				_t263 = _t337;
                                                                                                                                                              				_t336 = _t263 - 0x57;
                                                                                                                                                              				_t338 = _t337 - 0xe0;
                                                                                                                                                              				 *((long long*)(_t336 - 9)) = 0xfffffffe;
                                                                                                                                                              				 *((long long*)(_t263 + 8)) = __rbx;
                                                                                                                                                              				_t264 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				 *(_t336 + 0x17) = _t264 ^ _t338;
                                                                                                                                                              				_t330 = __r8;
                                                                                                                                                              				 *((long long*)(_t336 - 0x49)) = __r8;
                                                                                                                                                              				_t289 = __rcx;
                                                                                                                                                              				_t367 =  *((intOrPtr*)(_t336 + 0x7f));
                                                                                                                                                              				 *((long long*)(_t336 - 0x51)) = _t367;
                                                                                                                                                              				 *(_t336 - 0x19) = __edx;
                                                                                                                                                              				_t267 = __edx >> 6;
                                                                                                                                                              				 *(_t336 - 0x59) = _t267;
                                                                                                                                                              				 *(_t336 - 0x11) = __edx;
                                                                                                                                                              				_t375 = __edx + __edx * 8;
                                                                                                                                                              				_t269 =  *((intOrPtr*)( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t267 * 8)) + 0x28 + _t375 * 8));
                                                                                                                                                              				 *((long long*)(_t336 - 0x29)) = _t269;
                                                                                                                                                              				r12d = r9d;
                                                                                                                                                              				_t365 = _t364 + __r8;
                                                                                                                                                              				 *((long long*)(_t336 - 0x71)) = _t365;
                                                                                                                                                              				 *((intOrPtr*)(_t336 - 0x61)) = GetConsoleOutputCP();
                                                                                                                                                              				if ( *((intOrPtr*)(_t367 + 0x28)) != dil) goto 0x8ec7bfd0;
                                                                                                                                                              				E00007FF77FF78EC735D0(_t269, __rcx, _t367, __r8);
                                                                                                                                                              				_t24 = _t367 + 0x18; // 0x58d48cccccccccc
                                                                                                                                                              				_t294 =  *_t24;
                                                                                                                                                              				r8d =  *(_t294 + 0xc);
                                                                                                                                                              				 *(_t336 - 0x5d) = r8d;
                                                                                                                                                              				 *_t289 = _t269;
                                                                                                                                                              				 *((intOrPtr*)(_t289 + 8)) = 0;
                                                                                                                                                              				if ( *((intOrPtr*)(_t336 - 0x49)) - _t365 >= 0) goto 0x8ec7c390;
                                                                                                                                                              				_t271 = __edx >> 6;
                                                                                                                                                              				 *(_t336 - 0x21) = _t271;
                                                                                                                                                              				 *((char*)(_t338 + 0x40)) =  *_t330;
                                                                                                                                                              				 *((intOrPtr*)(_t336 - 0x7d)) = 0;
                                                                                                                                                              				r12d = 1;
                                                                                                                                                              				if (r8d != 0xfde9) goto 0x8ec7c198;
                                                                                                                                                              				_t347 = 0x3e + _t375 * 8 +  *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t271 * 8));
                                                                                                                                                              				if ( *_t347 == dil) goto 0x8ec7c04c;
                                                                                                                                                              				_t372 = _t329 + 1;
                                                                                                                                                              				if (_t372 - 5 < 0) goto 0x8ec7c039;
                                                                                                                                                              				if (_t372 == 0) goto 0x8ec7c12a;
                                                                                                                                                              				r12d =  *((char*)(_t294 + 0x7ff78ec9d2d0));
                                                                                                                                                              				r12d = r12d + 1;
                                                                                                                                                              				_t182 = r12d - 1;
                                                                                                                                                              				 *((intOrPtr*)(_t336 - 0x69)) = _t182;
                                                                                                                                                              				_t341 = _t182;
                                                                                                                                                              				if (_t341 -  *((intOrPtr*)(_t336 - 0x71)) - _t330 > 0) goto 0x8ec7c2ff;
                                                                                                                                                              				_t295 = _t329;
                                                                                                                                                              				 *((char*)(_t336 + _t295 - 1)) =  *_t347;
                                                                                                                                                              				if (_t295 + 1 - _t372 < 0) goto 0x8ec7c091;
                                                                                                                                                              				if (_t341 <= 0) goto 0x8ec7c0c2;
                                                                                                                                                              				E00007FF77FF78EC6ADF0();
                                                                                                                                                              				_t318 = _t329;
                                                                                                                                                              				 *((intOrPtr*)( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 +  *(_t336 - 0x59) * 8)) + _t318 + 0x3e + _t375 * 8)) = dil;
                                                                                                                                                              				if (_t318 + 1 - _t372 < 0) goto 0x8ec7c0c5;
                                                                                                                                                              				 *((long long*)(_t336 - 0x41)) = _t329;
                                                                                                                                                              				_t276 = _t336 - 1;
                                                                                                                                                              				 *((long long*)(_t336 - 0x39)) = _t276;
                                                                                                                                                              				_t186 = (0 | r12d == 0x00000004) + 1;
                                                                                                                                                              				r12d = _t186;
                                                                                                                                                              				r8d = _t186;
                                                                                                                                                              				 *((long long*)(_t338 + 0x20)) = _t367;
                                                                                                                                                              				E00007FF77FF78EC7F938(_t186, _t289, _t336 - 0x7d, _t336 - 0x39, _t330, _t341, _t336 - 0x41);
                                                                                                                                                              				if (_t276 == 0xffffffff) goto 0x8ec7c390;
                                                                                                                                                              				_t331 = _t330 +  *((intOrPtr*)(_t336 - 0x69)) - 1;
                                                                                                                                                              				goto 0x8ec7c22d;
                                                                                                                                                              				_t368 =  *((char*)(_t276 + 0x7ff78ec9d2d0));
                                                                                                                                                              				_t212 = _t368 + 1;
                                                                                                                                                              				_t343 =  *((intOrPtr*)(_t336 - 0x71)) - _t331;
                                                                                                                                                              				if (_t212 - _t343 > 0) goto 0x8ec7c32d;
                                                                                                                                                              				 *((long long*)(_t336 - 0x69)) = _t329;
                                                                                                                                                              				 *((long long*)(_t336 - 0x31)) = _t331;
                                                                                                                                                              				_t193 = (0 | _t212 == 0x00000004) + 1;
                                                                                                                                                              				r14d = _t193;
                                                                                                                                                              				r8d = _t193;
                                                                                                                                                              				_t278 =  *((intOrPtr*)(_t336 - 0x51));
                                                                                                                                                              				 *((long long*)(_t338 + 0x20)) = _t278;
                                                                                                                                                              				E00007FF77FF78EC7F938(_t193, _t289, _t336 - 0x7d, _t336 - 0x31, _t331, _t343, _t336 - 0x69);
                                                                                                                                                              				if (_t278 == 0xffffffff) goto 0x8ec7c390;
                                                                                                                                                              				_t332 = _t331 + _t368;
                                                                                                                                                              				r12d = r14d;
                                                                                                                                                              				_t369 =  *((intOrPtr*)(_t336 - 0x51));
                                                                                                                                                              				goto 0x8ec7c22d;
                                                                                                                                                              				_t359 =  *(_t336 - 0x59);
                                                                                                                                                              				_t351 =  *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t359 * 8));
                                                                                                                                                              				_t213 =  *(_t351 + 0x3d + _t375 * 8);
                                                                                                                                                              				if ((_t213 & 0x00000004) == 0) goto 0x8ec7c1cf;
                                                                                                                                                              				 *((char*)(_t336 + 7)) =  *((intOrPtr*)(_t351 + 0x3e + _t375 * 8));
                                                                                                                                                              				 *((char*)(_t336 + 8)) =  *_t332;
                                                                                                                                                              				 *(_t351 + 0x3d + _t375 * 8) = _t213 & 0x000000fb;
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				goto 0x8ec7c218;
                                                                                                                                                              				r8d =  *_t332 & 0x000000ff;
                                                                                                                                                              				_t102 = _t369 + 0x18; // 0x58d48cccccccccc
                                                                                                                                                              				if ( *((intOrPtr*)( *((intOrPtr*)( *_t102)) + _t343 * 2)) >= 0) goto 0x8ec7c212;
                                                                                                                                                              				_t373 =  &(_t332[1]);
                                                                                                                                                              				if (_t373 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0x8ec7c36b;
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				if (E00007FF77FF78EC7E0A0(_t230, _t289, _t336 - 0x7d, _t332, _t329, _t332, _t336, _t343,  *((intOrPtr*)(_t336 - 0x51))) == 0xffffffff) goto 0x8ec7c390;
                                                                                                                                                              				_t333 = _t373;
                                                                                                                                                              				goto 0x8ec7c22d;
                                                                                                                                                              				_t198 = E00007FF77FF78EC7E0A0(_t230, _t289, _t336 - 0x7d, _t333, _t329, _t333, _t336, _t365,  *((intOrPtr*)(_t336 - 0x51)));
                                                                                                                                                              				if (_t198 == 0xffffffff) goto 0x8ec7c390;
                                                                                                                                                              				_t334 =  &(_t333[1]);
                                                                                                                                                              				 *((long long*)(_t338 + 0x38)) = _t329;
                                                                                                                                                              				 *((long long*)(_t338 + 0x30)) = _t329;
                                                                                                                                                              				 *((intOrPtr*)(_t338 + 0x28)) = 5;
                                                                                                                                                              				_t280 = _t336 + 0xf;
                                                                                                                                                              				 *((long long*)(_t338 + 0x20)) = _t280;
                                                                                                                                                              				r9d = r12d;
                                                                                                                                                              				_t345 = _t336 - 0x7d;
                                                                                                                                                              				E00007FF77FF78EC7F4A4();
                                                                                                                                                              				r14d = _t198;
                                                                                                                                                              				if (_t198 == 0) goto 0x8ec7c390;
                                                                                                                                                              				 *((long long*)(_t338 + 0x20)) = _t329;
                                                                                                                                                              				r8d = _t198;
                                                                                                                                                              				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8ec7c388;
                                                                                                                                                              				 *((intOrPtr*)(_t289 + 4)) = _t229 -  *((intOrPtr*)(_t336 - 0x49)) +  *((intOrPtr*)(_t289 + 8));
                                                                                                                                                              				if ( *((intOrPtr*)(_t336 - 0x79)) - r14d < 0) goto 0x8ec7c390;
                                                                                                                                                              				if ( *((char*)(_t338 + 0x40)) != 0xa) goto 0x8ec7c2e8;
                                                                                                                                                              				 *((short*)(_t338 + 0x40)) = 0xd;
                                                                                                                                                              				 *((long long*)(_t338 + 0x20)) = _t329;
                                                                                                                                                              				_t128 = _t280 - 0xc; // 0x1
                                                                                                                                                              				r8d = _t128;
                                                                                                                                                              				_t326 = _t338 + 0x40;
                                                                                                                                                              				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8ec7c388;
                                                                                                                                                              				if ( *((intOrPtr*)(_t336 - 0x79)) - 1 < 0) goto 0x8ec7c390;
                                                                                                                                                              				 *((intOrPtr*)(_t289 + 8)) =  *((intOrPtr*)(_t289 + 8)) + 1;
                                                                                                                                                              				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + 1;
                                                                                                                                                              				if (_t334 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0x8ec7c390;
                                                                                                                                                              				r8d =  *(_t336 - 0x5d);
                                                                                                                                                              				goto 0x8ec7bffb;
                                                                                                                                                              				if (_t326 <= 0) goto 0x8ec7c328;
                                                                                                                                                              				_t335 = _t334 - _t373;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t359 * 8)) + _t373 + 0x3e + _t375 * 8)) =  *((intOrPtr*)(_t335 + _t373));
                                                                                                                                                              				if (1 - _t326 < 0) goto 0x8ec7c307;
                                                                                                                                                              				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) +  *((intOrPtr*)(_t289 + 4));
                                                                                                                                                              				goto 0x8ec7c390;
                                                                                                                                                              				if (_t345 <= 0) goto 0x8ec7c365;
                                                                                                                                                              				_t327 = _t329;
                                                                                                                                                              				_t361 =  *(_t336 - 0x19) >> 6;
                                                                                                                                                              				_t356 =  *(_t336 - 0x11) +  *(_t336 - 0x11) * 8;
                                                                                                                                                              				 *((char*)( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t361 * 8)) + _t356 * 8 + _t327 + 0x3e)) =  *((intOrPtr*)(_t327 + _t335));
                                                                                                                                                              				_t328 = _t327 + 1;
                                                                                                                                                              				if (2 - _t345 < 0) goto 0x8ec7c345;
                                                                                                                                                              				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + r8d;
                                                                                                                                                              				goto 0x8ec7c390;
                                                                                                                                                              				 *((char*)(_t356 + 0x3e + _t375 * 8)) =  *_t335;
                                                                                                                                                              				 *( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t361 * 8)) + 0x3d + _t375 * 8) =  *( *((intOrPtr*)(0x7ff78ec60000 + 0x4ca50 + _t361 * 8)) + 0x3d + _t375 * 8) | 0x00000004;
                                                                                                                                                              				_t174 = _t328 + 1; // 0x1
                                                                                                                                                              				 *((intOrPtr*)(_t289 + 4)) = _t174;
                                                                                                                                                              				goto 0x8ec7c390;
                                                                                                                                                              				 *_t289 = GetLastError();
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t206,  *((intOrPtr*)(_t336 - 0x61)),  *(_t336 + 0x17) ^ _t338);
                                                                                                                                                              			}
                                                                                                                                                              0x7ff78ec7c286
                                                                                                                                                              0x7ff78ec7c294
                                                                                                                                                              0x7ff78ec7c29b
                                                                                                                                                              0x7ff78ec7c2a6
                                                                                                                                                              0x7ff78ec7c2ad
                                                                                                                                                              0x7ff78ec7c2b2
                                                                                                                                                              0x7ff78ec7c2bb
                                                                                                                                                              0x7ff78ec7c2bb
                                                                                                                                                              0x7ff78ec7c2bf
                                                                                                                                                              0x7ff78ec7c2cf
                                                                                                                                                              0x7ff78ec7c2d9
                                                                                                                                                              0x7ff78ec7c2df
                                                                                                                                                              0x7ff78ec7c2e2
                                                                                                                                                              0x7ff78ec7c2ec
                                                                                                                                                              0x7ff78ec7c2f6
                                                                                                                                                              0x7ff78ec7c2fa
                                                                                                                                                              0x7ff78ec7c302
                                                                                                                                                              0x7ff78ec7c304
                                                                                                                                                              0x7ff78ec7c316
                                                                                                                                                              0x7ff78ec7c326
                                                                                                                                                              0x7ff78ec7c328
                                                                                                                                                              0x7ff78ec7c32b
                                                                                                                                                              0x7ff78ec7c330
                                                                                                                                                              0x7ff78ec7c332
                                                                                                                                                              0x7ff78ec7c339
                                                                                                                                                              0x7ff78ec7c341
                                                                                                                                                              0x7ff78ec7c354
                                                                                                                                                              0x7ff78ec7c35a
                                                                                                                                                              0x7ff78ec7c363
                                                                                                                                                              0x7ff78ec7c365
                                                                                                                                                              0x7ff78ec7c369
                                                                                                                                                              0x7ff78ec7c36d
                                                                                                                                                              0x7ff78ec7c37a
                                                                                                                                                              0x7ff78ec7c380
                                                                                                                                                              0x7ff78ec7c383
                                                                                                                                                              0x7ff78ec7c386
                                                                                                                                                              0x7ff78ec7c38e
                                                                                                                                                              0x7ff78ec7c3b9

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2718003287-0
                                                                                                                                                              • Opcode ID: 462450d4d902cffcc5a3d4bd936668fc75f0525f5455500ffb60ea8cc1aab69e
                                                                                                                                                              • Instruction ID: d1dd2c036b67977e59942677afcf8d8bddb20bbc5f7ed20d0531c9be7ba05a64
                                                                                                                                                              • Opcode Fuzzy Hash: 462450d4d902cffcc5a3d4bd936668fc75f0525f5455500ffb60ea8cc1aab69e
                                                                                                                                                              • Instruction Fuzzy Hash: F8D1E332F08A8299E710DFB9D8405ACBBB1FB48798B604236DE5E57B95DF38D406C750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00007FF77FF78EC85A38(void* __ebx, void* __ecx, void* __eflags, intOrPtr* __rax, long long __rbx, signed char* __rcx, void* __rdx, long long __rbp, void* __r9, long long _a8, char _a16, long long _a24) {
                                                                                                                                                              				signed int _t43;
                                                                                                                                                              				signed int _t55;
                                                                                                                                                              				signed int _t57;
                                                                                                                                                              				signed int _t73;
                                                                                                                                                              				signed int _t75;
                                                                                                                                                              				void* _t98;
                                                                                                                                                              				signed int _t108;
                                                                                                                                                              				signed char* _t114;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a24 = __rbp;
                                                                                                                                                              				_t114 = __rcx;
                                                                                                                                                              				 *((char*)(__rcx)) = 0;
                                                                                                                                                              				r14d = r9d;
                                                                                                                                                              				_t75 = _t73;
                                                                                                                                                              				if (__eflags == 0) goto 0x8ec85aad;
                                                                                                                                                              				if (__eflags == 0) goto 0x8ec85a89;
                                                                                                                                                              				if ((_t73 & 0x00000003) - 1 == 1) goto 0x8ec85a82;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec85ab2;
                                                                                                                                                              				goto 0x8ec85ab2;
                                                                                                                                                              				asm("sbb ecx, ecx");
                                                                                                                                                              				goto 0x8ec85ab2;
                                                                                                                                                              				_t114[4] = 0x80000000;
                                                                                                                                                              				_t43 = _t75 & 0x00000700;
                                                                                                                                                              				if ((dil & 0x00000008) == 0) goto 0x8ec85b21;
                                                                                                                                                              				if (_t43 == 0x100) goto 0x8ec85b1a;
                                                                                                                                                              				if (_t43 == 0x200) goto 0x8ec85b13;
                                                                                                                                                              				if (_t43 == 0x300) goto 0x8ec85b0c;
                                                                                                                                                              				if (_t43 == 0x400) goto 0x8ec85b21;
                                                                                                                                                              				if (_t43 == 0x500) goto 0x8ec85b05;
                                                                                                                                                              				if (_t43 == 0x600) goto 0x8ec85b13;
                                                                                                                                                              				_t98 = _t43 - 0x700;
                                                                                                                                                              				if (_t98 == 0) goto 0x8ec85b05;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec85b26;
                                                                                                                                                              				goto 0x8ec85b26;
                                                                                                                                                              				goto 0x8ec85b26;
                                                                                                                                                              				goto 0x8ec85b26;
                                                                                                                                                              				goto 0x8ec85b26;
                                                                                                                                                              				_t114[8] = 3;
                                                                                                                                                              				if (_t98 == 0) goto 0x8ec85b77;
                                                                                                                                                              				if (_t98 == 0) goto 0x8ec85b70;
                                                                                                                                                              				if (_t98 == 0) goto 0x8ec85b69;
                                                                                                                                                              				if (_t98 == 0) goto 0x8ec85b62;
                                                                                                                                                              				if (r8d - 0xffffffffffffffe0 == 0x40) goto 0x8ec85b54;
                                                                                                                                                              				E00007FF77FF78EC75E08(__rax);
                                                                                                                                                              				 *__rax = 0x16;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec85b79;
                                                                                                                                                              				sil = _t114[4] == 0x80000000;
                                                                                                                                                              				goto 0x8ec85b79;
                                                                                                                                                              				goto 0x8ec85b79;
                                                                                                                                                              				goto 0x8ec85b79;
                                                                                                                                                              				goto 0x8ec85b79;
                                                                                                                                                              				_t114[0x14] = _t114[0x14] & 0x00000000;
                                                                                                                                                              				_t114[0xc] = 0;
                                                                                                                                                              				_t114[0x10] = 0x80;
                                                                                                                                                              				if (dil >= 0) goto 0x8ec85b8f;
                                                                                                                                                              				 *_t114 =  *_t114 | 0x00000010;
                                                                                                                                                              				if ((0x00008000 & _t75) != 0) goto 0x8ec85bb7;
                                                                                                                                                              				if ((_t75 & 0x00074000) != 0) goto 0x8ec85bb4;
                                                                                                                                                              				if (E00007FF77FF78EC7557C(_t114[4], __rax,  &_a16) != 0) goto 0x8ec85c2c;
                                                                                                                                                              				if (_a16 == 0x8000) goto 0x8ec85bb7;
                                                                                                                                                              				 *_t114 =  *_t114 | 0x00000080;
                                                                                                                                                              				if ((0x00000100 & _t75) == 0) goto 0x8ec85bd6;
                                                                                                                                                              				_t55 =  *0x8ecad3b8; // 0x0
                                                                                                                                                              				_t57 =  !_t55 & r14d;
                                                                                                                                                              				if (_t57 < 0) goto 0x8ec85bd6;
                                                                                                                                                              				_t114[0x10] = 1;
                                                                                                                                                              				_t108 = dil & 0x00000040;
                                                                                                                                                              				if (_t108 == 0) goto 0x8ec85bea;
                                                                                                                                                              				asm("bts dword [ebx+0x14], 0x1a");
                                                                                                                                                              				asm("bts dword [ebx+0x4], 0x10");
                                                                                                                                                              				_t114[0xc] = _t114[0xc] | 0x00000004;
                                                                                                                                                              				asm("bt edi, 0xc");
                                                                                                                                                              				if (_t108 >= 0) goto 0x8ec85bf3;
                                                                                                                                                              				_t114[0x10] = _t114[0x10] | 0x00000100;
                                                                                                                                                              				asm("bt edi, 0xd");
                                                                                                                                                              				if (_t108 >= 0) goto 0x8ec85bfe;
                                                                                                                                                              				asm("bts dword [ebx+0x14], 0x19");
                                                                                                                                                              				if ((dil & 0x00000020) == 0) goto 0x8ec85c0b;
                                                                                                                                                              				asm("bts dword [ebx+0x14], 0x1b");
                                                                                                                                                              				goto 0x8ec85c16;
                                                                                                                                                              				if ((dil & 0x00000010) == 0) goto 0x8ec85c16;
                                                                                                                                                              				asm("bts dword [ebx+0x14], 0x1c");
                                                                                                                                                              				return _t57;
                                                                                                                                                              			}












                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 72036449-0
                                                                                                                                                              • Opcode ID: 8a406785a72c892738552bbb2d3a95dfeca04d9c4dd013807edb0ef2ae62de69
                                                                                                                                                              • Instruction ID: 96e18da4cb21ae8345940b5a14e844e49c220d24b005e955262596af12a3d768
                                                                                                                                                              • Opcode Fuzzy Hash: 8a406785a72c892738552bbb2d3a95dfeca04d9c4dd013807edb0ef2ae62de69
                                                                                                                                                              • Instruction Fuzzy Hash: 1151A032E0C22246F7696AA8D605379E680FB60714FF94039DA0D472D6DBBCE840C672
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PyType_GetModuleState.PYTHON310(?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC608781E9
                                                                                                                                                                • Part of subcall function 00007FFC60881CD4: PyBytes_FromStringAndSize.PYTHON310(?,?,?,00007FFC60878203,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60881D0B
                                                                                                                                                                • Part of subcall function 00007FFC60881CD4: PyList_New.PYTHON310(?,?,?,00007FFC60878203,?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60881D1E
                                                                                                                                                              • PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60878210
                                                                                                                                                              • PyEval_RestoreThread.PYTHON310(?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC60878229
                                                                                                                                                              • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFC60877E54), ref: 00007FFC608782EB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Eval_Thread$Bytes_DeallocFromList_ModuleRestoreSaveSizeStateStringType_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2935988267-0
                                                                                                                                                              • Opcode ID: b2d55186a9b686756c7200328398f67dd0c02e46fff0e496fb409e8ccbb23f85
                                                                                                                                                              • Instruction ID: 848eecf83a2926ebd5562f164c0fa3bb3c7f1928958d26edafbc6d810d146648
                                                                                                                                                              • Opcode Fuzzy Hash: b2d55186a9b686756c7200328398f67dd0c02e46fff0e496fb409e8ccbb23f85
                                                                                                                                                              • Instruction Fuzzy Hash: F641C432B9DA5AC5EA64CB25944417D23A1FF8CB8AF560031DE0D6775ADF7CE448C310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 28%
                                                                                                                                                              			E00007FFC7FFC60F81150(void* __edx, void* __rax, long long __rbx, void* __rcx, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16, char _a24, intOrPtr _a40, intOrPtr* _a48) {
                                                                                                                                                              				long long _v16;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				long long _t25;
                                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                                              
                                                                                                                                                              				_t24 = __rax;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				if (__r8 == 0) goto 0x60fb7288;
                                                                                                                                                              				E00007FFC7FFC60F811EC(__rax, __rbx, __r8, __r9, __rcx, __r8);
                                                                                                                                                              				if (_t24 == 0) goto 0x60f811e1;
                                                                                                                                                              				_t25 =  &_a24;
                                                                                                                                                              				_v16 = _t25;
                                                                                                                                                              				_v24 = _a40;
                                                                                                                                                              				CreateThread(??, ??, ??, ??, ??, ??);
                                                                                                                                                              				if (_t25 == 0) goto 0x60fb729f;
                                                                                                                                                              				_t33 = _a48;
                                                                                                                                                              				if (_t33 == 0) goto 0x60f811c3;
                                                                                                                                                              				_t14 = _a24;
                                                                                                                                                              				 *_t33 = _t14;
                                                                                                                                                              				if (_t24 != 0) goto 0x60fb72b2;
                                                                                                                                                              				return _t14;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFC60F811EC: GetModuleHandleExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFC60F81178), ref: 00007FFC60F81230
                                                                                                                                                              • CreateThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFC60F811A1
                                                                                                                                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFC60FB729F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateErrorHandleLastModuleThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 182981130-0
                                                                                                                                                              • Opcode ID: a5b4c46c7fbfc90a5948d51b1be21cada93777eb68ff9d6607fe3b31c7df1402
                                                                                                                                                              • Instruction ID: 4b1b8d7758e14759ebdfd4cbb8deef875210df6bdf3b2b5eeb34904a26c3fc1c
                                                                                                                                                              • Opcode Fuzzy Hash: a5b4c46c7fbfc90a5948d51b1be21cada93777eb68ff9d6607fe3b31c7df1402
                                                                                                                                                              • Instruction Fuzzy Hash: D1217125B4DB6AC2FF54DBA194540B9B3A8BF84B80F194531EA1E63795DE3CE400CA62
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FFC7FFC6087771C(long long __rbx, void* __rcx, long long _a8) {
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				long long* _t14;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				long long* _t23;
                                                                                                                                                              				long long* _t26;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_t18 = __rcx;
                                                                                                                                                              				if ( *((intOrPtr*)(__rcx + 0xc8)) != 0) goto 0x6087778c;
                                                                                                                                                              				E00007FFC7FFC60877888(__rcx + 0x28);
                                                                                                                                                              				_t23 =  *(_t18 + 0xb8);
                                                                                                                                                              				_t14 = _t23;
                                                                                                                                                              				if (_t14 == 0) goto 0x60877758;
                                                                                                                                                              				 *(_t18 + 0xb8) =  *(_t18 + 0xb8) & 0x00000000;
                                                                                                                                                              				 *_t23 =  *_t23 - 1;
                                                                                                                                                              				if (_t14 == 0) goto 0x60877794;
                                                                                                                                                              				if ( *((intOrPtr*)(_t18 + 0xd8)) == 0) goto 0x6087776a;
                                                                                                                                                              				__imp__PyThread_free_lock();
                                                                                                                                                              				_t26 =  *((intOrPtr*)(_t18 + 8));
                                                                                                                                                              				_t12 =  *((intOrPtr*)(_t26 + 0x140))();
                                                                                                                                                              				 *_t26 =  *_t26 - 1;
                                                                                                                                                              				if ( *_t26 == 0) goto 0x608844dc;
                                                                                                                                                              				return _t12;
                                                                                                                                                              			}









                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DeallocFreeMem_Thread_free_lock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2783890233-0
                                                                                                                                                              • Opcode ID: d38373450a2ed08bf34deded8d24ef8bdaac219c85135b76418293156686232c
                                                                                                                                                              • Instruction ID: fe0197205fa067ce5bc0be60c927be1141f65d24e41473ca911e418107e0cc95
                                                                                                                                                              • Opcode Fuzzy Hash: d38373450a2ed08bf34deded8d24ef8bdaac219c85135b76418293156686232c
                                                                                                                                                              • Instruction Fuzzy Hash: 8A010C22A9D69AC1EB5CCF61E49437C2364EF4DB95F1A4030DA1E26758CF2CD459C320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFC60F72900: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFC60FD2861), ref: 00007FFC60F7290A
                                                                                                                                                                • Part of subcall function 00007FFC60F72900: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFC60FD2861), ref: 00007FFC60F72950
                                                                                                                                                              • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,00000092,?,?,?,?,00007FFC60F6FA5B), ref: 00007FFC60F7C661
                                                                                                                                                              • IsValidCodePage.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 00007FFC60F7C67F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CodePageValid
                                                                                                                                                              • String ID: utf8
                                                                                                                                                              • API String ID: 943130320-905460609
                                                                                                                                                              • Opcode ID: a1b9c38fbbb88349f7fd5a6c21530e343503cacf08c1f65a8fa259db4b71df2e
                                                                                                                                                              • Instruction ID: 5ba88f223683e861784432c32c39bf9b73b1a9b2b94ac943f420bf1e09fd3417
                                                                                                                                                              • Opcode Fuzzy Hash: a1b9c38fbbb88349f7fd5a6c21530e343503cacf08c1f65a8fa259db4b71df2e
                                                                                                                                                              • Instruction Fuzzy Hash: 5E91D062A4C6ABC1EB609F61E4406BA33A4BF44B85F464434CE0D67791EF3CE945C7A3
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                              • String ID: !$fmod
                                                                                                                                                              • API String ID: 1757819995-3213614193
                                                                                                                                                              • Opcode ID: 9594e93d67916e3089a32797a5ef1f6c1e779e4e1450da6f11e5191fcb85c646
                                                                                                                                                              • Instruction ID: a9fc68454cdcc4b675a7b62f30971a56a5f9d79e8abf079423fb5d0b968ae170
                                                                                                                                                              • Opcode Fuzzy Hash: 9594e93d67916e3089a32797a5ef1f6c1e779e4e1450da6f11e5191fcb85c646
                                                                                                                                                              • Instruction Fuzzy Hash: 2951E611C2CBA9C5E6235B7190167B5A7E8BFA27C4F029332ED4E31AA1EB1DA143C610
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                              			E00007FF77FF78EC84CE4(void* __ebx, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, long long __r8, void* __r9, void* __r10, long long _a8, long long _a16, void* _a12245829) {
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				char _v40;
                                                                                                                                                              				signed long long _v48;
                                                                                                                                                              				signed long long _v56;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				long long _v72;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				long long _t57;
                                                                                                                                                              
                                                                                                                                                              				_t43 = __rax;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t57 = __r8;
                                                                                                                                                              				if (E00007FF77FF78EC80C50(__ebx, __rax, __r9, __rdx, __rdx, __r8, __rbp, __rcx, __r9) != 0) goto 0x8ec84db1;
                                                                                                                                                              				E00007FF77FF78EC74824(_t43, __r9,  &_v40, __rdx, __r8);
                                                                                                                                                              				if ( *((intOrPtr*)(_v32 + 0xc)) != 0xfde9) goto 0x8ec84d44;
                                                                                                                                                              				if (_v16 == 0) goto 0x8ec84d7b;
                                                                                                                                                              				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
                                                                                                                                                              				goto 0x8ec84d7b;
                                                                                                                                                              				_t28 = E00007FF77FF78EC7E4D8(_v16, _v40);
                                                                                                                                                              				if (_t28 != 0) goto 0x8ec84d66;
                                                                                                                                                              				if (_v16 == _t28) goto 0x8ec84d5f;
                                                                                                                                                              				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
                                                                                                                                                              				goto 0x8ec84d7b;
                                                                                                                                                              				if (_v16 == 0) goto 0x8ec84d79;
                                                                                                                                                              				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
                                                                                                                                                              				_v48 = _v48 & 0x00000000;
                                                                                                                                                              				r9d = __ebx;
                                                                                                                                                              				_v56 = _v56 & 0x00000000;
                                                                                                                                                              				_v64 = 0x3f;
                                                                                                                                                              				_v72 = _t57;
                                                                                                                                                              				E00007FF77FF78EC7F4A4();
                                                                                                                                                              				return _t28;
                                                                                                                                                              			}












                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
• Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                              • String ID: ?
                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                              • Opcode ID: 008f63234d60cbf89411b9e07f0def23d73f48e3a4e62ffd13137b30df282f77
                                                                                                                                                              • Instruction ID: b89861414213570f6006d0c03a1c7fcc3ba20e74c22f0db98c4c78a4fec0d86f
                                                                                                                                                              • Opcode Fuzzy Hash: 008f63234d60cbf89411b9e07f0def23d73f48e3a4e62ffd13137b30df282f77
                                                                                                                                                              • Instruction Fuzzy Hash: 5741F722E0869242FB60ABA5E6113BAE690FB81BA4FA04235EF5C06BD5DF3CD441C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                              			E00007FF77FF78EC78314(void* __ecx, void* __edx, void* __edi, void* __esi, long long __rbx, void* __rcx, void* __r8, long long _a8, signed int _a16, signed int _a24, signed int _a32) {
                                                                                                                                                              				long long _v56;
                                                                                                                                                              				void* __rdi;
                                                                                                                                                              				void* __rsi;
                                                                                                                                                              				void* __rbp;
                                                                                                                                                              				void* __r14;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                              				intOrPtr _t42;
                                                                                                                                                              				intOrPtr* _t67;
                                                                                                                                                              				intOrPtr* _t68;
                                                                                                                                                              				long long _t74;
                                                                                                                                                              				void* _t76;
                                                                                                                                                              				long long _t90;
                                                                                                                                                              				signed int _t91;
                                                                                                                                                              				intOrPtr* _t92;
                                                                                                                                                              				void* _t102;
                                                                                                                                                              
                                                                                                                                                              				_t76 = __rcx;
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				r14d = __ecx;
                                                                                                                                                              				if (__ecx == 0) goto 0x8ec78483;
                                                                                                                                                              				_t2 = _t76 - 1; // -1
                                                                                                                                                              				if (_t2 - 1 <= 0) goto 0x8ec78352;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t67);
                                                                                                                                                              				_t3 = _t91 + 0x16; // 0x16
                                                                                                                                                              				_t42 = _t3;
                                                                                                                                                              				 *_t67 = _t42;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec78483;
                                                                                                                                                              				r8d = 0x104;
                                                                                                                                                              				GetModuleFileNameW(??, ??, ??);
                                                                                                                                                              				_t92 =  *0x8ecac768; // 0x26c17d4228a
                                                                                                                                                              				 *0x8ecac740 = 0x8ecac7c0;
                                                                                                                                                              				if (_t92 == 0) goto 0x8ec78382;
                                                                                                                                                              				if ( *_t92 != _t42) goto 0x8ec78385;
                                                                                                                                                              				_t68 =  &_a32;
                                                                                                                                                              				_a24 = _t91;
                                                                                                                                                              				_v56 = _t68;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				_a32 = _t91;
                                                                                                                                                              				_t30 = E00007FF77FF78EC78110(__esi, 0x8ecac7c0, 0x8ecac7c0, 0x8ecac7c0, _t91, 0x8ecac7c0, __r8,  &_a24, _t102);
                                                                                                                                                              				r8d = 2;
                                                                                                                                                              				E00007FF77FF78EC782B4(_t30, _a24, _a32, __r8);
                                                                                                                                                              				_t74 = _t68;
                                                                                                                                                              				if (_t68 != 0) goto 0x8ec783dd;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t68);
                                                                                                                                                              				 *_t68 = 0xc;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t68, _a24);
                                                                                                                                                              				goto 0x8ec7834b;
                                                                                                                                                              				_v56 =  &_a32;
                                                                                                                                                              				E00007FF77FF78EC78110(__esi, _t74, 0x8ecac7c0, _t74, _t91, 0x8ecac7c0, _t68 + _a24 * 8,  &_a24, _t102);
                                                                                                                                                              				if (r14d != 1) goto 0x8ec78415;
                                                                                                                                                              				_t36 = _a24 - 1;
                                                                                                                                                              				 *0x8ecac758 = _t74;
                                                                                                                                                              				 *0x8ecac748 = _t36;
                                                                                                                                                              				goto 0x8ec7847e;
                                                                                                                                                              				_a16 = _t91;
                                                                                                                                                              				0x8ec812e0();
                                                                                                                                                              				if (_t36 == 0) goto 0x8ec78444;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( &_a32, _a16);
                                                                                                                                                              				_a16 = _t91;
                                                                                                                                                              				E00007FF77FF78EC7A2B8( &_a32, _t74);
                                                                                                                                                              				goto 0x8ec78483;
                                                                                                                                                              				_t90 = _a16;
                                                                                                                                                              				if ( *_t90 == _t91) goto 0x8ec7845f;
                                                                                                                                                              				if ( *((intOrPtr*)(_t90 + 8)) != _t91) goto 0x8ec78453;
                                                                                                                                                              				 *0x8ecac748 = 0;
                                                                                                                                                              				_a16 = _t91;
                                                                                                                                                              				 *0x8ecac758 = _t90;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t90 + 8, _t91 + 1);
                                                                                                                                                              				_a16 = _t91;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t90 + 8, _t74);
                                                                                                                                                              				return _t36;
                                                                                                                                                              			}



















                                                                                                                                                              0x7ff78ec7847a
                                                                                                                                                              0x7ff78ec7847e
                                                                                                                                                              0x7ff78ec78495

                                                                                                                                                              APIs
                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF78EC78346
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: HeapFree.KERNEL32(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2CE
                                                                                                                                                                • Part of subcall function 00007FF78EC7A2B8: GetLastError.KERNEL32(?,?,?,00007FF78EC821CA,?,?,?,00007FF78EC82207,?,?,00000000,00007FF78EC826D8,?,?,00000000,00007FF78EC8260B), ref: 00007FF78EC7A2D8
                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF78EC6A115), ref: 00007FF78EC78364
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                              • String ID: C:\Users\user\Desktop\CapsuleFarmer.exe
                                                                                                                                                              • API String ID: 3580290477-3420502662
                                                                                                                                                              • Opcode ID: b8348896c48c033e400506358eb925058f8d48dcc8e679e6ffe20bb3b130d090
                                                                                                                                                              • Instruction ID: df3073f1a285a1878f79d74559a3852df2f328d8fdbb38272ed16cafb53a7f2c
                                                                                                                                                              • Opcode Fuzzy Hash: b8348896c48c033e400506358eb925058f8d48dcc8e679e6ffe20bb3b130d090
                                                                                                                                                              • Instruction Fuzzy Hash: 4C415D32E08A6286EB14AFAAD8500BDA794FB447D0BE44035EE4E43B85DF3DE481C360
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFC60F6D610: RtlAllocateHeap.NTDLL(?,?,00000000,00007FFC60F72DE9,?,?,?,00007FFC60FB3A07,?,?,?,?,00007FFC60F7720A,?,?,?), ref: 00007FFC60F6D658
                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FFC60F7ED3E,?,?,?,?,?,00007FFC60F7EA46), ref: 00007FFC60FB5BFA
                                                                                                                                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,00007FFC60F7ED3E,?,?,?,?,?,00007FFC60F7EA46), ref: 00007FFC60FB5C10
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressAllocateCountCriticalHeapInitializeProcSectionSpin
                                                                                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                                                                                              • API String ID: 3806826319-3084827643
                                                                                                                                                              • Opcode ID: e6b0f287d53f26e5be93056ec9cfaf0c0e2b74da1eebeb5a130f902328db4281
                                                                                                                                                              • Instruction ID: ac8cdf54eddbf94467eb300fb73488d48c42aa992d4de6532e9ecb09d566cb5a
                                                                                                                                                              • Opcode Fuzzy Hash: e6b0f287d53f26e5be93056ec9cfaf0c0e2b74da1eebeb5a130f902328db4281
                                                                                                                                                              • Instruction Fuzzy Hash: DC41CF22B1CB6AC2EB149F99E45027933A0FB48B60F858639DA6D577C4DF3CE815C351
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 29%
                                                                                                                                                              			E00007FF77FF78EC7C5DC(void* __eax, void* __ecx, signed int __edx, void* __esi, void* __ebp, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				signed long long _v8;
                                                                                                                                                              				signed int _t43;
                                                                                                                                                              				void* _t49;
                                                                                                                                                              				void* _t65;
                                                                                                                                                              				signed long long _t66;
                                                                                                                                                              				short* _t71;
                                                                                                                                                              				signed int* _t72;
                                                                                                                                                              				void* _t95;
                                                                                                                                                              				void* _t101;
                                                                                                                                                              				void* _t103;
                                                                                                                                                              				void* _t106;
                                                                                                                                                              				void* _t107;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a24 = __rbp;
                                                                                                                                                              				E00007FF77FF78EC6A070(0x1470, _t65, _t101, _t103);
                                                                                                                                                              				_t66 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_a5176 = _t66 ^ _t95 - _t65;
                                                                                                                                                              				r14d = r9d;
                                                                                                                                                              				r10d = r10d & 0x0000003f;
                                                                                                                                                              				_t107 = _t106 + __r8;
                                                                                                                                                              				 *((long long*)(__rcx)) =  *((intOrPtr*)(0x8ecaca50 + (__edx >> 6) * 8));
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 8)) = 0;
                                                                                                                                                              				if (__r8 - _t107 >= 0) goto 0x8ec7c71d;
                                                                                                                                                              				_t71 =  &_a40;
                                                                                                                                                              				if (__r8 - _t107 >= 0) goto 0x8ec7c686;
                                                                                                                                                              				_t43 =  *__r8 & 0x0000ffff;
                                                                                                                                                              				if (_t43 != 0xa) goto 0x8ec7c672;
                                                                                                                                                              				 *_t71 = 0xd;
                                                                                                                                                              				_t72 = _t71 + 2;
                                                                                                                                                              				 *_t72 = _t43;
                                                                                                                                                              				if ( &(_t72[0]) -  &_a1744 < 0) goto 0x8ec7c654;
                                                                                                                                                              				_a16 = _a16 & 0x00000000;
                                                                                                                                                              				_a8 = _a8 & 0x00000000;
                                                                                                                                                              				_v0 = 0xd55;
                                                                                                                                                              				_v8 =  &_a1752;
                                                                                                                                                              				r9d = 0;
                                                                                                                                                              				E00007FF77FF78EC7F4A4();
                                                                                                                                                              				if (0 == 0) goto 0x8ec7c715;
                                                                                                                                                              				if (0 == 0) goto 0x8ec7c705;
                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                              				r8d = 0;
                                                                                                                                                              				r8d = r8d;
                                                                                                                                                              				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8ec7c715;
                                                                                                                                                              				if (0 + _a24 < 0) goto 0x8ec7c6d2;
                                                                                                                                                              				 *((intOrPtr*)(__rcx + 4)) = _t49 - r15d;
                                                                                                                                                              				goto 0x8ec7c649;
                                                                                                                                                              				 *((intOrPtr*)(__rcx)) = GetLastError();
                                                                                                                                                              				return E00007FF77FF78EC6A040(_t40, 0, _a5176 ^ _t95 - _t65);
                                                                                                                                                              			}

















                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                              • String ID: U
                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                              • Opcode ID: 35d1ba7b3e06cf66a9a63fc15f9cdb867b526454cddcb1cc7585018f3c01db52
                                                                                                                                                              • Instruction ID: a660aec01d79664d96c2c31e29c831d90976ca5b9fb853a6e2c91cf10783d533
                                                                                                                                                              • Opcode Fuzzy Hash: 35d1ba7b3e06cf66a9a63fc15f9cdb867b526454cddcb1cc7585018f3c01db52
                                                                                                                                                              • Instruction Fuzzy Hash: 5641C532B1CA4296DB60EF69E8447AAA760FB987D4FA04031EE4D87794EF3CD541C750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: EntryInterlockedListNamePush__un
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 524438517-3916222277
                                                                                                                                                              • Opcode ID: e41d497225cde52b0ab13a8d295de25a175a81526d6415c0a7e7937b6b353a80
                                                                                                                                                              • Instruction ID: 9a8708174d3813b27412c87ad4c7faa0d91f32f9649e86e7aecf600aacee92ee
                                                                                                                                                              • Opcode Fuzzy Hash: e41d497225cde52b0ab13a8d295de25a175a81526d6415c0a7e7937b6b353a80
                                                                                                                                                              • Instruction Fuzzy Hash: BC31E216A9DB6AD0FB11CB29980556933A0FF48FE0B5B8631DD2D53384EE39D442C361
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,00002000,00007FFC60F793D1,?,?,00000000,00007FFC60F79319,?,?,?,00007FFC60F79088), ref: 00007FFC60F7A283
                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00002000,00007FFC60F793D1,?,?,00000000,00007FFC60F79319,?,?,?,00007FFC60F79088), ref: 00007FFC60FB4E25
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressCountCriticalInitializeProcSectionSpin
                                                                                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                                                                                              • API String ID: 1498394645-3084827643
                                                                                                                                                              • Opcode ID: 909cbea8ef6e0169b8147f9c897fcf70ffcd4c43e8c559146e0a9d6b551cb605
                                                                                                                                                              • Instruction ID: 3a0aa8866403a965112273c03610d0d9f9d3cfe7c55dd49a8ab7f82cebcbd947
                                                                                                                                                              • Opcode Fuzzy Hash: 909cbea8ef6e0169b8147f9c897fcf70ffcd4c43e8c559146e0a9d6b551cb605
                                                                                                                                                              • Instruction Fuzzy Hash: 0E21EF20B5C62AC2FF448B99E91167513D1AF88FD9F055235ED1E53B98EF2CE800C761
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                              			E00007FF77FF78EC7E928(void* __eax, void* __ecx, void* __edi, long long __rbx, long long __rsi, long long _a8, long long _a16) {
                                                                                                                                                              				void* _v8;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				short _v550;
                                                                                                                                                              				signed int _v552;
                                                                                                                                                              				void* _t41;
                                                                                                                                                              				signed long long _t57;
                                                                                                                                                              				signed long long _t58;
                                                                                                                                                              				signed short* _t60;
                                                                                                                                                              				signed short* _t62;
                                                                                                                                                              				void* _t70;
                                                                                                                                                              
                                                                                                                                                              				_a8 = __rbx;
                                                                                                                                                              				_a16 = __rsi;
                                                                                                                                                              				_t57 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t58 = _t57 ^ _t70 - 0x00000240;
                                                                                                                                                              				_v24 = _t58;
                                                                                                                                                              				_t62 =  &_v552;
                                                                                                                                                              				r8d = 0x20a;
                                                                                                                                                              				E00007FF77FF78EC6B7B0();
                                                                                                                                                              				if (GetCurrentDirectoryW(??, ??) - 0x104 > 0) goto 0x8ec7e99c;
                                                                                                                                                              				if (_v552 == 0) goto 0x8ec7e9f7;
                                                                                                                                                              				if (_v550 != 0x3a) goto 0x8ec7e9f7;
                                                                                                                                                              				_t40 =  >  ? _v552 & 0x0000ffff : _t62 - 0x20;
                                                                                                                                                              				_t41 = ( >  ? _v552 & 0x0000ffff : _t62 - 0x20) - 0x40;
                                                                                                                                                              				goto 0x8ec7e9f7;
                                                                                                                                                              				E00007FF77FF78EC7E248(_t62 - 0x61, _t62,  &_v552);
                                                                                                                                                              				_t60 = _t58;
                                                                                                                                                              				if (_t58 == 0) goto 0x8ec7e9c4;
                                                                                                                                                              				if (GetCurrentDirectoryW(??, ??) != 0) goto 0x8ec7e9d1;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t58);
                                                                                                                                                              				 *_t58 = 0xc;
                                                                                                                                                              				goto 0x8ec7e9ef;
                                                                                                                                                              				if ( *_t60 == 0) goto 0x8ec7e9ef;
                                                                                                                                                              				if (_t60[1] != 0x3a) goto 0x8ec7e9ef;
                                                                                                                                                              				_t44 =  >  ?  *_t60 & 0x0000ffff : _t62 - 0x20;
                                                                                                                                                              				_t45 = ( >  ?  *_t60 & 0x0000ffff : _t62 - 0x20) - 0x40;
                                                                                                                                                              				E00007FF77FF78EC7A2B8(_t58, _t60);
                                                                                                                                                              				_t27 = ( >  ?  *_t60 & 0x0000ffff : _t62 - 0x20) - 0x40;
                                                                                                                                                              				return E00007FF77FF78EC6A040(( >  ?  *_t60 & 0x0000ffff : _t62 - 0x20) - 0x40,  *_t60 & 0x0000ffff, _v24 ^ _t70 - 0x00000240);
                                                                                                                                                              			}














                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                              • String ID: :
                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                              • Opcode ID: e2d514df125eb250883dc636bf6501e4931e74ce80a096ab54729c379fca9a35
                                                                                                                                                              • Instruction ID: fbea40fef6953d7904da8c200e734f53f283e0e8fcd8969cdd30329ab7e2d03c
                                                                                                                                                              • Opcode Fuzzy Hash: e2d514df125eb250883dc636bf6501e4931e74ce80a096ab54729c379fca9a35
                                                                                                                                                              • Instruction Fuzzy Hash: A621E433E1868185FB64AF59D8442AEB3B1FB84B44FE58139DA8D03285DF7CE945C760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                              • String ID: csm
                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                              • Opcode ID: ed93e57f905e8d2c307eff59956c4c6cc3209cab66e14db4cfb89e499c7c97d1
                                                                                                                                                              • Instruction ID: bf241f30933d89ebe4ae0d0937122651dfa577613badf6141820811fa774733a
                                                                                                                                                              • Opcode Fuzzy Hash: ed93e57f905e8d2c307eff59956c4c6cc3209cab66e14db4cfb89e499c7c97d1
                                                                                                                                                              • Instruction Fuzzy Hash: 24114F32A08B4182EB509F55E54026AB7A1FB88B94F684235EE8C07B65DF3CD551C700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _handle_errorf_raise_excf
                                                                                                                                                              • String ID: !$cosf
                                                                                                                                                              • API String ID: 3848079588-2208875612
                                                                                                                                                              • Opcode ID: 6d660574a6daef804eef7dfa845e6527840e46695afe343621e211181e8e6ee1
                                                                                                                                                              • Instruction ID: fdd41a8ac1f3e0449e1140d607f1c0a165128231d48c15a27e4cbe9a66e3d974
                                                                                                                                                              • Opcode Fuzzy Hash: 6d660574a6daef804eef7dfa845e6527840e46695afe343621e211181e8e6ee1
                                                                                                                                                              • Instruction Fuzzy Hash: 0201D67291CA5587F314CB2AA48036AB690FBD4784F314225F74916B78DF3CD1809F00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _handle_error_raise_exc
                                                                                                                                                              • String ID: !$sin
                                                                                                                                                              • API String ID: 1935476177-1565623160
                                                                                                                                                              • Opcode ID: 15776cdf7e7771a0a0892c17dc8b27b35bcd0c59846728f0e4c1eb6cb7fe8e0b
                                                                                                                                                              • Instruction ID: bd6da9cd810d4748c3f4b7d33f86f5c51929c7cb68bd9d0e6a7de8dd5e9bd152
                                                                                                                                                              • Opcode Fuzzy Hash: 15776cdf7e7771a0a0892c17dc8b27b35bcd0c59846728f0e4c1eb6cb7fe8e0b
                                                                                                                                                              • Instruction Fuzzy Hash: ED01D432A1CF8986DA14CF22D80037A6262FF9ABD4F514324E95D16B98EF7CD0808B01
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E00007FF77FF78EC7F3FC(void* __ebx, void* __ecx, void* __rcx) {
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				short _v18;
                                                                                                                                                              				intOrPtr _v22;
                                                                                                                                                              				short _v24;
                                                                                                                                                              				signed long long _t27;
                                                                                                                                                              				signed long long _t28;
                                                                                                                                                              				signed long long _t34;
                                                                                                                                                              
                                                                                                                                                              				_t27 =  *0x8ec9d000; // 0x5e06c6841c27
                                                                                                                                                              				_t28 = _t27 ^ _t34;
                                                                                                                                                              				_v16 = _t28;
                                                                                                                                                              				if (__ecx - 0x1a <= 0) goto 0x8ec7f435;
                                                                                                                                                              				E00007FF77FF78EC75DE8(_t28);
                                                                                                                                                              				 *_t28 = 0xf;
                                                                                                                                                              				E00007FF77FF78EC75E08(_t28);
                                                                                                                                                              				 *_t28 = 0xd;
                                                                                                                                                              				E00007FF77FF78EC7A250();
                                                                                                                                                              				goto 0x8ec7f469;
                                                                                                                                                              				if (__ecx != 0) goto 0x8ec7f440;
                                                                                                                                                              				goto 0x8ec7f469;
                                                                                                                                                              				_v22 = 0x5c003a;
                                                                                                                                                              				_v24 = __ecx + 0x40;
                                                                                                                                                              				_v18 = 0;
                                                                                                                                                              				return E00007FF77FF78EC6A040(0 | GetDriveTypeW(??) - 0x00000002 >= 0x00000000, __ecx + 0x40, _v16 ^ _t34);
                                                                                                                                                              			}











                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.378878151.00007FF78EC61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF78EC60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.378859402.00007FF78EC60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378916318.00007FF78EC8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378958831.00007FF78EC9D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378970788.00007FF78ECA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.378983388.00007FF78ECAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379010657.00007FF78ECAE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ff78ec60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: :
                                                                                                                                                              • API String ID: 3215553584-336475711
                                                                                                                                                              • Opcode ID: af30997fc9b2bda5339abb9cf150afc1d24e6460e7359128a80d95a47095e053
                                                                                                                                                              • Instruction ID: dea0907e7b69f9723483b77f2b4d3463ac65f02498023d8da9ebc2f6914bc7b6
                                                                                                                                                              • Opcode Fuzzy Hash: af30997fc9b2bda5339abb9cf150afc1d24e6460e7359128a80d95a47095e053
                                                                                                                                                              • Instruction Fuzzy Hash: 9A01AD22E1C24686F730BFA4E89227EA3A0FF48744FE00435E95E46691DF3CE144CA24
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _handle_errorf_raise_excf
                                                                                                                                                              • String ID: !$sinf
                                                                                                                                                              • API String ID: 3848079588-676365165
                                                                                                                                                              • Opcode ID: 87baaba2b3233784b5bab0be6761438bc72616c16a81b8b5cc63b73ea8544fda
                                                                                                                                                              • Instruction ID: b0db8a5e4d2228b50b7224ba24283ff2fa3c7ca937e405514b1845b9ba8608e6
                                                                                                                                                              • Opcode Fuzzy Hash: 87baaba2b3233784b5bab0be6761438bc72616c16a81b8b5cc63b73ea8544fda
                                                                                                                                                              • Instruction Fuzzy Hash: 56015272A1CA9687F310CB2AA88436AB691FBD4784F214225E649566B8DF7CD5809F01
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,00000000,00000000,?,?,00000000,00007FFC60F6C2E1), ref: 00007FFC60F6C506
                                                                                                                                                              • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,00000000,00000000,?,?,00000000,00007FFC60F6C2E1), ref: 00007FFC60F6C559
                                                                                                                                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,00000000,00000000,?,?,00000000,00007FFC60F6C2E1), ref: 00007FFC60FB0A37
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.382125884.00007FFC60F61000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFC60F60000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.382101294.00007FFC60F60000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383129830.00007FFC61015000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383318245.00007FFC6104F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.383365577.00007FFC61052000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60f60000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1717984340-0
                                                                                                                                                              • Opcode ID: 051a976b41ae5000dd40afa6a0ea54f0385873d016dffbb0923626a41e3e7557
                                                                                                                                                              • Instruction ID: 63e486d3aa0372e861127a996b235d1691dd009569f21ce626367b45fbef00be
                                                                                                                                                              • Opcode Fuzzy Hash: 051a976b41ae5000dd40afa6a0ea54f0385873d016dffbb0923626a41e3e7557
                                                                                                                                                              • Instruction Fuzzy Hash: 18B11B21E9C27AC5FF749B64C46057D2794EF44754F2A4636DA9E62BC0CF6CE840C263
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000009.00000002.379055005.00007FFC60871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFC60870000, based on PE: true
                                                                                                                                                              • Associated: 00000009.00000002.379043995.00007FFC60870000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379096329.00007FFC60887000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379127320.00007FFC60893000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                              • Associated: 00000009.00000002.379144378.00007FFC60894000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffc60870000_CapsuleFarmer.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: memmove
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2162964266-0
                                                                                                                                                              • Opcode ID: de68fb9914a93d6f8ee7ec23a95596aaf9d5e86910464e33aab0ee8e1cd49438
                                                                                                                                                              • Instruction ID: 5150033f9e992da03d6fbdb261649fef6d37b84e9d8d786114a310f60b78ef8d
                                                                                                                                                              • Opcode Fuzzy Hash: de68fb9914a93d6f8ee7ec23a95596aaf9d5e86910464e33aab0ee8e1cd49438
                                                                                                                                                              • Instruction Fuzzy Hash: 2B213332B4C658C3DA10DF2AA40402DB7A1F788BE0B2A0138DF8E27B55DE7DE845C744
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:7%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:0.9%
                                                                                                                                                              Total number of Nodes:1089
                                                                                                                                                              Total number of Limit Nodes:11
6737->6738 6739 84ad15 6737->6739 6738->6739 6740 84acbe _free 14 API calls 6738->6740 6739->6720 6740->6739 6742 84b10e ___std_exception_copy 6741->6742 6743 84dcaf ___std_exception_copy MultiByteToWideChar 6742->6743 6745 84b152 6743->6745 6744 84b2b7 6744->6733 6745->6744 6747 84ce28 ___std_exception_copy 15 API calls 6745->6747 6751 84b177 ___std_exception_copy 6745->6751 6746 84b21c 6750 84acf8 __freea 14 API calls 6746->6750 6747->6751 6748 84dcaf ___std_exception_copy MultiByteToWideChar 6749 84b1bd 6748->6749 6749->6746 6752 84bcee ___std_exception_copy 6 API calls 6749->6752 6750->6744 6751->6746 6751->6748 6753 84b1df 6752->6753 6753->6746 6754 84b1f3 6753->6754 6755 84b22b 6753->6755 6754->6746 6757 84bcee ___std_exception_copy 6 API calls 6754->6757 6756 84ce28 ___std_exception_copy 15 API calls 6755->6756 6760 84b23d ___std_exception_copy 6755->6760 6756->6760 6757->6746 6758 84b2a8 6759 84acf8 __freea 14 API calls 6758->6759 6759->6746 6760->6758 6761 84bcee ___std_exception_copy 6 API calls 6760->6761 6762 84b285 6761->6762 6762->6758 6763 8516fb ___std_exception_copy WideCharToMultiByte 6762->6763 6764 84b29f 6763->6764 6764->6758 6765 84b2d4 6764->6765 6766 84acf8 __freea 14 API calls 6765->6766 6766->6746 6767->6701 6778 836157 6768->6778 6770 84c917 6771 836157 ___std_exception_copy 42 API calls 6770->6771 6772 84c936 6771->6772 6773 84c95d 6772->6773 6774 84acbe _free 14 API calls 6772->6774 6775 84cb77 6773->6775 6774->6773 6792 84c208 LeaveCriticalSection 6775->6792 6777 84cb65 6777->6666 6779 836168 6778->6779 6788 836164 ___std_exception_copy 6778->6788 6780 836182 ___std_exception_copy 6779->6780 6781 83616f 6779->6781 6785 8361b0 6780->6785 6786 8361b9 6780->6786 6780->6788 6782 83d86a _free 14 API calls 6781->6782 6783 836174 6782->6783 6784 83f62c ___std_exception_copy 42 API calls 6783->6784 6784->6788 6787 83d86a _free 14 API calls 6785->6787 6786->6788 6790 83d86a _free 14 API calls 6786->6790 6789 8361b5 6787->6789 6788->6770 6791 
83f62c ___std_exception_copy 42 API calls 6789->6791 6790->6789 6791->6788 6792->6777 6794 844320 6793->6794 6795 84433a 6793->6795 6796 83d86a _free 14 API calls 6794->6796 6797 844342 6795->6797 6798 84435c 6795->6798 6799 844325 6796->6799 6800 83d86a _free 14 API calls 6797->6800 6801 831df4 ___std_exception_copy 42 API calls 6798->6801 6805 844330 ___std_exception_copy 6798->6805 6802 83f62c ___std_exception_copy 42 API calls 6799->6802 6803 844347 6800->6803 6807 844373 6801->6807 6802->6805 6804 83f62c ___std_exception_copy 42 API calls 6803->6804 6804->6805 6805->6439 6806 844285 42 API calls 6806->6807 6807->6805 6807->6806 6808 84f580 6809 84b32a ___std_exception_copy 42 API calls 6808->6809 6810 84f59f 6809->6810 6811 84bb6c 6 API calls 6810->6811 6812 84f5c4 6811->6812 6813 844147 42 API calls 6812->6813 6814 84f5c8 6812->6814 6815 84f5dd 6813->6815 6815->6814 6816 84ea7e 42 API calls 6815->6816 6817 84f60d 6816->6817 6817->6814 6818 83f63c ___std_exception_copy 6 API calls 6817->6818 6819 84f63e 6818->6819 6339 84b481 GetLastError 6340 84b49e 6339->6340 6341 84b498 6339->6341 6343 84bad3 _free 6 API calls 6340->6343 6359 84b4a4 SetLastError 6340->6359 6342 84ba94 _free 6 API calls 6341->6342 6342->6340 6344 84b4bc 6343->6344 6345 84ac61 _free 12 API calls 6344->6345 6344->6359 6346 84b4cc 6345->6346 6348 84b4d4 6346->6348 6349 84b4eb 6346->6349 6350 84bad3 _free 6 API calls 6348->6350 6351 84bad3 _free 6 API calls 6349->6351 6360 84b4e2 6350->6360 6352 84b4f7 6351->6352 6353 84b50c 6352->6353 6354 84b4fb 6352->6354 6355 84b5ac _free 12 API calls 6353->6355 6357 84bad3 _free 6 API calls 6354->6357 6358 84b517 6355->6358 6356 84acbe _free 12 API calls 6356->6359 6357->6360 6361 84acbe _free 12 API calls 6358->6361 6360->6356 6361->6359 6362 83ad6a 6363 83ae7b ___std_exception_copy 23 API calls 6362->6363 6364 83ad7b 6363->6364 6365 3b25f0 6366 3b2510 25 API calls 6365->6366 6367 3b2600 6366->6367 6368 3b2580 66 API calls 6367->6368 6369 3b261c 6368->6369 
6370 82e90c RaiseException 6369->6370 6371 3b2627 6370->6371 6372 3c91e0 11 API calls 6371->6372 6373 3b267f 6372->6373 6374 84ce28 6375 84ce66 6374->6375 6379 84ce36 _free 6374->6379 6376 83d86a _free 14 API calls 6375->6376 6378 84ce64 6376->6378 6377 84ce51 RtlAllocateHeap 6377->6378 6377->6379 6379->6375 6379->6377 6380 83b006 _free 2 API calls 6379->6380 6380->6379 6820 83b52f 6821 83b578 6820->6821 6822 83b53c 6820->6822 6822->6821 6823 84ce28 ___std_exception_copy 15 API calls 6822->6823 6824 83b55c 6823->6824 6824->6821 6825 84ea7e 42 API calls 6824->6825 6826 83b571 6825->6826 6826->6821 6827 83f63c ___std_exception_copy 6 API calls 6826->6827 6828 83b58e 6827->6828 6829 505c80 6830 505c93 GetModuleHandleW GetProcAddress 6829->6830 6831 505cb8 6830->6831 6832 82f170 6835 82f18e ___except_validate_context_record _ValidateLocalCookies __IsNonwritableInCurrentImage 6832->6835 6833 82f20e _ValidateLocalCookies 6835->6833 6841 84ab74 RtlUnwind 6835->6841 6836 82f297 _ValidateLocalCookies 6842 8493ab 6836->6842 6838 82f2d4 6839 841b75 ___std_exception_copy 42 API calls 6838->6839 6840 82f30b 6839->6840 6841->6836 6856 8493b9 6842->6856 6844 841b75 6845 8493b8 6844->6845 6846 847f1c ___std_exception_copy 2 API calls 6844->6846 6845->6838 6847 841b7a 6846->6847 6848 841b85 6847->6848 6849 847f43 ___std_exception_copy 42 API calls 6847->6849 6850 841b8f IsProcessorFeaturePresent 6848->6850 6855 841bae 6848->6855 6849->6848 6851 841b9b 6850->6851 6853 83f670 ___std_exception_copy 3 API calls 6851->6853 6852 83ad6a ___std_exception_copy 23 API calls 6854 841bb8 6852->6854 6853->6855 6854->6838 6855->6852 6857 8493c5 GetLastError 6856->6857 6858 8493c2 6856->6858 6859 8596f2 ___vcrt_FlsGetValue 6 API calls 6857->6859 6858->6844 6860 8493da 6859->6860 6861 8493f9 ___std_exception_copy 6860->6861 6862 84943f SetLastError 6860->6862 6870 85972d 6860->6870 6861->6862 6862->6844 6867 84941b 6867->6861 6869 85972d ___vcrt_FlsSetValue 6 API calls 6867->6869 6868 85972d 
___vcrt_FlsSetValue 6 API calls 6868->6867 6869->6861 6871 85984c ___vcrt_FlsSetValue 5 API calls 6870->6871 6872 859747 6871->6872 6873 859762 TlsSetValue 6872->6873 6874 8493f3 6872->6874 6873->6874 6874->6861 6875 404e30 6874->6875 6876 404e42 6875->6876 6877 404e5c 6876->6877 6878 506b00 ___std_exception_copy 2 API calls 6876->6878 6877->6867 6877->6868 6878->6876 6879 84fdf0 6880 84b32a ___std_exception_copy 42 API calls 6879->6880 6881 84fe10 6880->6881 6882 84b32a ___std_exception_copy 42 API calls 6881->6882 6883 84fe17 6882->6883 6884 84fe23 GetLocaleInfoW 6883->6884 6885 84fe53 6884->6885 6887 84fe4e 6884->6887 6886 844147 42 API calls 6885->6886 6888 84fe62 6886->6888 6888->6887 6890 844147 42 API calls 6888->6890 6891 84fe6b 6888->6891 6890->6891 6891->6887 6892 8500bd 6891->6892 6893 84b32a ___std_exception_copy 42 API calls 6892->6893 6894 8500ca GetLocaleInfoW 6893->6894 6895 8500f3 6894->6895 6895->6887 6896 84ff10 6897 84b32a ___std_exception_copy 42 API calls 6896->6897 6898 84ff30 6897->6898 6899 84b32a ___std_exception_copy 42 API calls 6898->6899 6900 84ff37 6899->6900 6901 84ff43 GetLocaleInfoW 6900->6901 6902 84ff73 6901->6902 6904 84ff6e 6901->6904 6903 844147 42 API calls 6902->6903 6903->6904 6905 84fb30 6906 84b32a ___std_exception_copy 42 API calls 6905->6906 6907 84fb50 6906->6907 6908 84b32a ___std_exception_copy 42 API calls 6907->6908 6909 84fb57 6908->6909 6910 84fb63 GetLocaleInfoW 6909->6910 6911 84fb99 6910->6911 6923 84fcc6 6910->6923 6912 844147 42 API calls 6911->6912 6913 84fba8 6912->6913 6914 84fbb2 GetLocaleInfoW 6913->6914 6928 84fbf3 6913->6928 6916 84fbdc 6914->6916 6914->6923 6915 84fc78 GetLocaleInfoW 6917 84fca2 6915->6917 6915->6923 6918 844147 42 API calls 6916->6918 6919 844147 42 API calls 6917->6919 6922 84fbeb 6918->6922 6920 84fcb1 6919->6920 6921 84fd21 6920->6921 6926 84fcb7 6920->6926 6921->6923 6925 844147 42 API calls 6921->6925 6924 8442c4 42 API calls 6922->6924 6922->6928 6924->6928 6927 84fd3c 
6925->6927 6926->6923 6926->6926 6930 8500bd 43 API calls 6926->6930 6927->6923 6929 8500bd 43 API calls 6927->6929 6928->6915 6928->6923 6929->6923 6930->6923

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 327 83ae26-83ae33 call 84dd2b 330 83ae55-83ae61 call 83add3 ExitProcess 327->330 331 83ae35-83ae43 GetPEB 327->331 331->330 333 83ae45-83ae4f GetCurrentProcess TerminateProcess 331->333 333->330
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0083AE26(int _a4) {
                                                                                                                                                              				void* _t14;
                                                                                                                                                              
                                                                                                                                                              				if(E0084DD2B(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
                                                                                                                                                              					TerminateProcess(GetCurrentProcess(), _a4);
                                                                                                                                                              				}
                                                                                                                                                              				E0083ADD3(_t14, _a4);
                                                                                                                                                              				ExitProcess(_a4);
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentProcess.KERNEL32(00841BB8,?,0083AEDE,0083F839,?,00841BB8,0083F839,00841BB8,00000003), ref: 0083AE48
                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,0083AEDE,0083F839,?,00841BB8,0083F839,00841BB8,00000003), ref: 0083AE4F
                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0083AE61
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                              • Opcode ID: 0a77fa0bcde5f84ba1b231d803e2b1f2959a4584260c999a01e264c5e500a194
                                                                                                                                                              • Instruction ID: a0c17bc8dafc4ae9e5b31887ff034d6ad37df7cbdd32c485efe2b125ed7dd8d8
                                                                                                                                                              • Opcode Fuzzy Hash: 0a77fa0bcde5f84ba1b231d803e2b1f2959a4584260c999a01e264c5e500a194
                                                                                                                                                              • Instruction Fuzzy Hash: 7FE04631000248AFCF25BF98DC88A493B6DFF80741F004010F914CA571CB36DD42CB92
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                              			E00404000(void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                                                              				void* _v16;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				char _v25;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				signed int _v36;
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				void _v44;
                                                                                                                                                              				signed int _v68;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t57;
                                                                                                                                                              				signed int _t60;
                                                                                                                                                              				signed int _t67;
                                                                                                                                                              				signed int _t70;
                                                                                                                                                              				signed int _t75;
                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                              				signed int _t81;
                                                                                                                                                              				void* _t87;
                                                                                                                                                              				signed int _t101;
                                                                                                                                                              				signed int _t113;
                                                                                                                                                              				signed int _t115;
                                                                                                                                                              				signed int _t120;
                                                                                                                                                              				signed int _t123;
                                                                                                                                                              				signed int _t125;
                                                                                                                                                              				signed int _t128;
                                                                                                                                                              				intOrPtr _t129;
                                                                                                                                                              				intOrPtr* _t132;
                                                                                                                                                              				signed int _t133;
                                                                                                                                                              				signed int _t150;
                                                                                                                                                              				signed int _t152;
                                                                                                                                                              				intOrPtr* _t156;
                                                                                                                                                              				signed int _t158;
                                                                                                                                                              				signed int _t159;
                                                                                                                                                              				signed int _t160;
                                                                                                                                                              				signed int _t163;
                                                                                                                                                              				void* _t164;
                                                                                                                                                              				void* _t166;
                                                                                                                                                              				void* _t167;
                                                                                                                                                              				void* _t168;
                                                                                                                                                              
                                                                                                                                                              				_t57 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              				_t150 = _a4;
                                                                                                                                                              				_t155 =  &_v32;
                                                                                                                                                              				_v24 = _t57 ^ _t158;
                                                                                                                                                              				E004069F0(_t155);
                                                                                                                                                              				_t163 = (_t160 & 0xfffffff8) - 0x20 + 4;
                                                                                                                                                              				_t60 =  *_t155;
                                                                                                                                                              				_t113 =  *(_t155 + 4);
                                                                                                                                                              				if((_a8 ^ 0x80000000 | _t150) == 0) {
                                                                                                                                                              					_t60 =  !_t60;
                                                                                                                                                              					_t151 = 0x7fffffff;
                                                                                                                                                              					_t99 = 0;
                                                                                                                                                              					asm("adc edi, 0x0");
                                                                                                                                                              					_t113 = _t113 ^ 0x7fffffff | _t60;
                                                                                                                                                              					__eflags = _t113;
                                                                                                                                                              					if(_t113 != 0) {
                                                                                                                                                              						goto L3;
                                                                                                                                                              					} else {
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						asm("ud2");
                                                                                                                                                              						goto L11;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					if((_a8 ^ 0x7fffffff |  !_t150) == 0) {
                                                                                                                                                              						L11:
                                                                                                                                                              						_t151 = 0x7fffffff;
                                                                                                                                                              						_t99 = 0xffffffffffffffff;
                                                                                                                                                              						asm("adc edx, 0x0");
                                                                                                                                                              						__eflags = _t60 | _t113 ^ 0x7fffffff;
                                                                                                                                                              						if((_t60 | _t113 ^ 0x7fffffff) != 0) {
                                                                                                                                                              							goto L3;
                                                                                                                                                              						} else {
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("ud2");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							_push(_t158);
                                                                                                                                                              							_t159 = _t163;
                                                                                                                                                              							_push(0xffffffffffffffff);
                                                                                                                                                              							_push(0x7fffffff);
                                                                                                                                                              							_push(_t155);
                                                                                                                                                              							_t168 = _t163 - 0x10;
                                                                                                                                                              							_t75 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              							_t156 = _v44;
                                                                                                                                                              							_v68 = _t75 ^ _t159;
                                                                                                                                                              							E00505110(E00504EF0(0x7fffffff), 0x7fffffff, __eflags, _t156);
                                                                                                                                                              							_t128 =  *0xaee0a8; // 0x0
                                                                                                                                                              							_t143 =  *[fs:0x2c];
                                                                                                                                                              							_t79 =  *0xaec638; // 0x80000011
                                                                                                                                                              							_t129 =  *((intOrPtr*)( *[fs:0x2c] + _t128 * 4));
                                                                                                                                                              							__eflags = _t79 -  *((intOrPtr*)(_t129 + 0x18));
                                                                                                                                                              							if(_t79 >  *((intOrPtr*)(_t129 + 0x18))) {
                                                                                                                                                              								E0082CC77(_t79, 0xaec638);
                                                                                                                                                              								_t168 = _t168 + 4;
                                                                                                                                                              								__eflags =  *0xaec638 - 0xffffffff;
                                                                                                                                                              								if( *0xaec638 == 0xffffffff) {
                                                                                                                                                              									 *0xaec634 = GetProcAddress(GetModuleHandleW(L"Kernel32.dll"), "SetThreadDescription");
                                                                                                                                                              									E0082CCED(0xaec638);
                                                                                                                                                              									_t168 = _t168 + 4;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							_t152 =  *0xaec634;
                                                                                                                                                              							__eflags = _t152;
                                                                                                                                                              							if(_t152 != 0) {
                                                                                                                                                              								_t85 =  *(_t156 + 0xb) & 0x000000ff;
                                                                                                                                                              								_t132 = _t156;
                                                                                                                                                              								__eflags =  *(_t156 + 0xb) & 0x000000ff;
                                                                                                                                                              								if(__eflags < 0) {
                                                                                                                                                              									_t132 =  *_t156;
                                                                                                                                                              									_t85 =  *(_t156 + 4);
                                                                                                                                                              								}
                                                                                                                                                              								_t101 =  &_v36;
                                                                                                                                                              								E003F05A0(_t152, __eflags, _t101, _t132, _t85);
                                                                                                                                                              								_t168 = _t168 + 0xc;
                                                                                                                                                              								__eflags =  *((char*)(_t101 + 0xb));
                                                                                                                                                              								if( *((char*)(_t101 + 0xb)) < 0) {
                                                                                                                                                              									_t101 = _v36;
                                                                                                                                                              								}
                                                                                                                                                              								_t87 = GetCurrentThread();
                                                                                                                                                              								 *_t152(_t87, _t101); // executed
                                                                                                                                                              								__eflags = _v25;
                                                                                                                                                              								if(_v25 < 0) {
                                                                                                                                                              									L0082CBF4(_v36);
                                                                                                                                                              									_t168 = _t168 + 4;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							_t81 = IsDebuggerPresent();
                                                                                                                                                              							__eflags = _t81;
                                                                                                                                                              							if(_t81 != 0) {
                                                                                                                                                              								__eflags =  *(_t156 + 0xb);
                                                                                                                                                              								if( *(_t156 + 0xb) < 0) {
                                                                                                                                                              									_t156 =  *_t156;
                                                                                                                                                              								}
                                                                                                                                                              								E004042E0(GetCurrentThreadId(), _t156);
                                                                                                                                                              								_t168 = _t168 + 8;
                                                                                                                                                              							}
                                                                                                                                                              							__eflags = _v24 ^ _t159;
                                                                                                                                                              							return L0082CC31(_v24 ^ _t159, _t143, _t152, _t156);
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_v44 = _t60 + _t150;
                                                                                                                                                              						asm("adc ecx, edx");
                                                                                                                                                              						_t155 = _t113 >> 0x1f;
                                                                                                                                                              						_t99 =  ==  ? _v44 : _t113 >> 0x1f;
                                                                                                                                                              						_t151 =  ==  ? _t113 : (0 | _t113 > 0x00000000) + 0x7fffffff;
                                                                                                                                                              						L3:
                                                                                                                                                              						E004069F0( &_v32);
                                                                                                                                                              						_t164 = _t163 + 4;
                                                                                                                                                              						_t115 = _v32;
                                                                                                                                                              						_t63 = _v28;
                                                                                                                                                              						_t133 = _v28;
                                                                                                                                                              						asm("sbb edx, edi");
                                                                                                                                                              						if(_t115 < _t99) {
                                                                                                                                                              							_t155 =  &_v40;
                                                                                                                                                              							asm("sbb ecx, eax");
                                                                                                                                                              							 *_t155 = _t99 - _t115;
                                                                                                                                                              							 *(_t155 + 4) = _t151;
                                                                                                                                                              							Sleep(E003F3090(_t63, _t155));
                                                                                                                                                              							E004069F0(_t155);
                                                                                                                                                              							_t166 = _t164 + 4;
                                                                                                                                                              							_t120 =  *_t155;
                                                                                                                                                              							_t67 =  *(_t155 + 4);
                                                                                                                                                              							_t133 = _t67;
                                                                                                                                                              							_v28 = _t67;
                                                                                                                                                              							_v32 = _t120;
                                                                                                                                                              							asm("sbb edx, edi");
                                                                                                                                                              							if(_t120 < _t99) {
                                                                                                                                                              								_t155 =  &_v40;
                                                                                                                                                              								asm("sbb ecx, eax");
                                                                                                                                                              								 *_t155 = _t99 - _t120;
                                                                                                                                                              								 *(_t155 + 4) = _t151;
                                                                                                                                                              								Sleep(E003F3090(_t67, _t155));
                                                                                                                                                              								E004069F0(_t155);
                                                                                                                                                              								_t167 = _t166 + 4;
                                                                                                                                                              								_t70 =  *_t155;
                                                                                                                                                              								_t123 =  *(_t155 + 4);
                                                                                                                                                              								_t133 = _t123;
                                                                                                                                                              								_v28 = _t123;
                                                                                                                                                              								_v32 = _t70;
                                                                                                                                                              								asm("sbb edx, edi");
                                                                                                                                                              								if(_t70 < _t99) {
                                                                                                                                                              									do {
                                                                                                                                                              										asm("sbb eax, ecx");
                                                                                                                                                              										_v40 = _t99 - _t70;
                                                                                                                                                              										_v36 = _t151;
                                                                                                                                                              										Sleep(E003F3090(_t151, _t155));
                                                                                                                                                              										E004069F0(_t155);
                                                                                                                                                              										_t167 = _t167 + 4;
                                                                                                                                                              										_t70 = _v40;
                                                                                                                                                              										_t125 = _v36;
                                                                                                                                                              										__eflags = _t70 - _t99;
                                                                                                                                                              										_t133 = _t125;
                                                                                                                                                              										_v28 = _t125;
                                                                                                                                                              										_v32 = _t70;
                                                                                                                                                              										asm("sbb edx, edi");
                                                                                                                                                              									} while (_t70 < _t99);
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						return L0082CC31(_v24 ^ _t158, _t133, _t151, _t155);
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}











































                                                                                                                                                              0x004041c4
                                                                                                                                                              0x004041c5
                                                                                                                                                              0x004041c7
                                                                                                                                                              0x004041c8
                                                                                                                                                              0x004041c9
                                                                                                                                                              0x004041ca
                                                                                                                                                              0x004041cb
                                                                                                                                                              0x004041cc
                                                                                                                                                              0x004041cd
                                                                                                                                                              0x004041ce
                                                                                                                                                              0x004041cf
                                                                                                                                                              0x004041d0
                                                                                                                                                              0x004041d1
                                                                                                                                                              0x004041d3
                                                                                                                                                              0x004041d4
                                                                                                                                                              0x004041d5
                                                                                                                                                              0x004041d6
                                                                                                                                                              0x004041d9
                                                                                                                                                              0x004041de
                                                                                                                                                              0x004041e3
                                                                                                                                                              0x004041ee
                                                                                                                                                              0x004041f3
                                                                                                                                                              0x004041f9
                                                                                                                                                              0x00404200
                                                                                                                                                              0x00404205
                                                                                                                                                              0x00404208
                                                                                                                                                              0x0040420e
                                                                                                                                                              0x0040427c
                                                                                                                                                              0x00404281
                                                                                                                                                              0x00404284
                                                                                                                                                              0x0040428b
                                                                                                                                                              0x004042a4
                                                                                                                                                              0x004042ae
                                                                                                                                                              0x004042b3
                                                                                                                                                              0x004042b3
                                                                                                                                                              0x0040428b
                                                                                                                                                              0x00404210
                                                                                                                                                              0x00404216
                                                                                                                                                              0x00404218
                                                                                                                                                              0x0040421a
                                                                                                                                                              0x0040421e
                                                                                                                                                              0x00404220
                                                                                                                                                              0x00404222
                                                                                                                                                              0x00404224
                                                                                                                                                              0x00404226
                                                                                                                                                              0x00404226
                                                                                                                                                              0x00404229
                                                                                                                                                              0x0040422f
                                                                                                                                                              0x00404234
                                                                                                                                                              0x00404237
                                                                                                                                                              0x0040423b
                                                                                                                                                              0x0040423d
                                                                                                                                                              0x0040423d
                                                                                                                                                              0x00404240
                                                                                                                                                              0x00404248
                                                                                                                                                              0x0040424a
                                                                                                                                                              0x0040424e
                                                                                                                                                              0x00404253
                                                                                                                                                              0x00404258
                                                                                                                                                              0x00404258
                                                                                                                                                              0x0040424e
                                                                                                                                                              0x0040425b
                                                                                                                                                              0x00404261
                                                                                                                                                              0x00404263
                                                                                                                                                              0x004042bb
                                                                                                                                                              0x004042bf
                                                                                                                                                              0x004042c1
                                                                                                                                                              0x004042c1
                                                                                                                                                              0x004042cb
                                                                                                                                                              0x004042d0
                                                                                                                                                              0x004042d0
                                                                                                                                                              0x00404268
                                                                                                                                                              0x00404276
                                                                                                                                                              0x00404276
                                                                                                                                                              0x00404054
                                                                                                                                                              0x0040405b
                                                                                                                                                              0x0040405f
                                                                                                                                                              0x00404067
                                                                                                                                                              0x00404091
                                                                                                                                                              0x00404096
                                                                                                                                                              0x00404099
                                                                                                                                                              0x0040409e
                                                                                                                                                              0x004040a3
                                                                                                                                                              0x004040a6
                                                                                                                                                              0x004040aa
                                                                                                                                                              0x004040b0
                                                                                                                                                              0x004040b2
                                                                                                                                                              0x004040b4
                                                                                                                                                              0x004040b8
                                                                                                                                                              0x004040c0
                                                                                                                                                              0x004040c2
                                                                                                                                                              0x004040c4
                                                                                                                                                              0x004040cf
                                                                                                                                                              0x004040d6
                                                                                                                                                              0x004040db
                                                                                                                                                              0x004040de
                                                                                                                                                              0x004040e0
                                                                                                                                                              0x004040e5
                                                                                                                                                              0x004040e7
                                                                                                                                                              0x004040eb
                                                                                                                                                              0x004040ef
                                                                                                                                                              0x004040f1
                                                                                                                                                              0x004040f5
                                                                                                                                                              0x004040fd
                                                                                                                                                              0x004040ff
                                                                                                                                                              0x00404101
                                                                                                                                                              0x0040410c
                                                                                                                                                              0x00404113
                                                                                                                                                              0x00404118
                                                                                                                                                              0x0040411b
                                                                                                                                                              0x0040411d
                                                                                                                                                              0x00404122
                                                                                                                                                              0x00404124
                                                                                                                                                              0x00404128
                                                                                                                                                              0x0040412c
                                                                                                                                                              0x0040412e
                                                                                                                                                              0x00404143
                                                                                                                                                              0x00404149
                                                                                                                                                              0x0040414d
                                                                                                                                                              0x00404151
                                                                                                                                                              0x0040415b
                                                                                                                                                              0x00404162
                                                                                                                                                              0x00404167
                                                                                                                                                              0x0040416a
                                                                                                                                                              0x0040416e
                                                                                                                                                              0x00404172
                                                                                                                                                              0x00404174
                                                                                                                                                              0x00404176
                                                                                                                                                              0x0040417a
                                                                                                                                                              0x0040417e
                                                                                                                                                              0x0040417e
                                                                                                                                                              0x00404143
                                                                                                                                                              0x0040412e
                                                                                                                                                              0x004040f1
                                                                                                                                                              0x00404142
                                                                                                                                                              0x00404142
                                                                                                                                                              0x0040404e

APIs
  • Part of subcall function 004069F0: QueryPerformanceCounter.KERNEL32(?), ref: 00406A2B
  • Part of subcall function 004069F0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406A68
• Sleep.KERNEL32(00000000,?,?,?,0G@,?,000003E7,?,003DDA16,000003E8,00000000,?,?,00504F0E,00AEE1C8,00000000), ref: 004040CF
• Sleep.KERNEL32(00000000,?,?,?,?,0G@,?,000003E7,?,003DDA16,000003E8,00000000,?,?,00504F0E,00AEE1C8), ref: 0040410C
• Sleep.KERNEL32(00000000,?,?,?,?,?,0G@,?,000003E7,?,003DDA16,000003E8,00000000,?,?,00504F0E), ref: 0040415B
• GetCurrentThread.KERNEL32 ref: 00404240
• SetThreadDescription.KERNELBASE(00000000,?), ref: 00404248
• IsDebuggerPresent.KERNEL32(-00000001,?,7FFFFFFF,-00000001,?,?,?,0G@,?,000003E7,?,003DDA16,000003E8,00000000), ref: 0040425B
• __Init_thread_header.LIBCMT ref: 0040427C
• GetModuleHandleW.KERNEL32(Kernel32.dll,-00000001,?,7FFFFFFF,-00000001,?,?,?,0G@,?,000003E7,?,003DDA16,000003E8,00000000), ref: 00404292
• GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 0040429E
• __Init_thread_footer.LIBCMT ref: 004042AE
• GetCurrentThreadId.KERNEL32 ref: 004042C3
  • Part of subcall function 004069F0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406AA6
  • Part of subcall function 004069F0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406B09
  • Part of subcall function 003F3090: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F30C2
Strings
Memory Dump Source
• Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$SleepThread$Current$AddressCounterDebuggerDescriptionHandleInit_thread_footerInit_thread_headerModulePerformancePresentProcQuery
• String ID: 0G@$Kernel32.dll$SetThreadDescription
• API String ID: 1521186505-3431212553
• Opcode ID: e5b28951f49edc96e6bb24bc9816b3f1abc2dd2a1afb32996ac696a44ed4055c
• Instruction ID: 99eaad62d557103ee31f1dd074f1fd0a9e82bb7ad6a04b9e57d528eaf3e1b92b
• Opcode Fuzzy Hash: e5b28951f49edc96e6bb24bc9816b3f1abc2dd2a1afb32996ac696a44ed4055c
• Instruction Fuzzy Hash: E981F4B1B002059BCB04DF78E88566F77E6BBC8310F14893EF95AD73C1DA34A94A8756
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                              			E004046C0(void* __edx, intOrPtr* _a4) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				void* _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				intOrPtr* _v32;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t17;
                                                                                                                                                              				void* _t21;
                                                                                                                                                              				void* _t22;
                                                                                                                                                              				void* _t23;
                                                                                                                                                              				int _t24;
                                                                                                                                                              				int _t29;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              				void* _t39;
                                                                                                                                                              				intOrPtr* _t51;
                                                                                                                                                              				void* _t60;
                                                                                                                                                              				signed int _t64;
                                                                                                                                                              				void* _t65;
                                                                                                                                                              				void* _t66;
                                                                                                                                                              
                                                                                                                                                              				_t60 = __edx;
                                                                                                                                                              				_t17 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              				_t51 = _a4;
                                                                                                                                                              				_v20 = _t17 ^ _t64;
                                                                                                                                                              				_v32 =  *_t51;
                                                                                                                                                              				_t20 =  *((intOrPtr*)(_t51 + 8));
                                                                                                                                                              				if( *((intOrPtr*)(_t51 + 8)) != 1) {
                                                                                                                                                              					E00505C30(_t20); // executed
                                                                                                                                                              					_t65 = _t65 + 4;
                                                                                                                                                              				}
                                                                                                                                                              				_t21 = GetCurrentProcess();
                                                                                                                                                              				_t61 = _t21;
                                                                                                                                                              				_t22 = GetCurrentThread();
                                                                                                                                                              				_t23 = GetCurrentProcess();
                                                                                                                                                              				_t63 = 0;
                                                                                                                                                              				_t24 = DuplicateHandle(_t23, _t22, _t21,  &_v24, 0, 0, 2); // executed
                                                                                                                                                              				_t70 = _t24;
                                                                                                                                                              				_v28 = 0;
                                                                                                                                                              				if(_t24 == 0) {
                                                                                                                                                              					L0082CBF4(_a4);
                                                                                                                                                              					_t66 = _t65 + 4;
                                                                                                                                                              					 *((intOrPtr*)( *_v32))();
                                                                                                                                                              				} else {
                                                                                                                                                              					_t61 =  &_v28;
                                                                                                                                                              					E00382AB0( &_v28, _v24); // executed
                                                                                                                                                              					_t39 = E00504EF0(_t60);
                                                                                                                                                              					E00504F50(_t39, _t60, _t70,  *_t61, GetCurrentThreadId());
                                                                                                                                                              					L0082CBF4(_a4);
                                                                                                                                                              					_t66 = _t65 + 4;
                                                                                                                                                              					 *((intOrPtr*)( *_v32))(); // executed
                                                                                                                                                              					_t63 = E00504EF0(_t60);
                                                                                                                                                              					E005056F0(GetCurrentThreadId(), _t45, _t60, _t70,  *_t61, _t46);
                                                                                                                                                              				}
                                                                                                                                                              				_t29 = GetThreadPriority(GetCurrentThread());
                                                                                                                                                              				if(_t29 < 0 || _t29 == 4) {
                                                                                                                                                              					E00505C30(1);
                                                                                                                                                              					_t66 = _t66 + 4;
                                                                                                                                                              				}
                                                                                                                                                              				if(_v28 + 1 >= 2) {
                                                                                                                                                              					_t33 = E003DDCF0();
                                                                                                                                                              					_t63 =  &_v28;
                                                                                                                                                              					E00404D10( *_t63, _t63, _v0, _t33);
                                                                                                                                                              					E00404CC0( *_t63);
                                                                                                                                                              					 *_t63 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				L0082CC31(_v20 ^ _t64, _t60, _t61, _t63);
                                                                                                                                                              				return 0;
                                                                                                                                                              			}
























                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 004046F2
                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 004046F6
                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 004046FE
                                                                                                                                                              • DuplicateHandle.KERNELBASE(00000000,00000000,00000000,?,00000000,00000000,00000002), ref: 0040470D
                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00404732
                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0040475B
                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 0040476B
                                                                                                                                                              • GetThreadPriority.KERNEL32(00000000), ref: 00404772
                                                                                                                                                                • Part of subcall function 00404D10: GetHandleVerifier.CHROMEDRIVER(?,00000000,00000000,?,004047BE,?,?,?,00000000), ref: 00404D1F
                                                                                                                                                                • Part of subcall function 00404CC0: GetHandleVerifier.CHROMEDRIVER(?,?,004047C8,?), ref: 00404CC7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Current$Thread$Handle$ProcessVerifier$DuplicatePriority
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3117138971-0
                                                                                                                                                              • Opcode ID: 0a128098b14d9b5b5102f9c992ce59422dbea61f9e5b0f27c48771793c2fc5d7
                                                                                                                                                              • Instruction ID: 7f036f7ee2d92b03679ee27fded7e6319effb13cd48ed65a8f8019cc64565983
                                                                                                                                                              • Opcode Fuzzy Hash: 0a128098b14d9b5b5102f9c992ce59422dbea61f9e5b0f27c48771793c2fc5d7
                                                                                                                                                              • Instruction Fuzzy Hash: F631A4F5A001559FDB10EFB4DC4AA6F7B69FF85310B000429FA05EB2A1DB369D51CB92
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E00505110(intOrPtr __ecx, void* __edx, void* __eflags, intOrPtr* _a4) {
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _v36;
                                                                                                                                                              				intOrPtr* _v40;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                              				signed int _v52;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t155;
                                                                                                                                                              				signed int _t156;
                                                                                                                                                              				intOrPtr _t159;
                                                                                                                                                              				intOrPtr _t164;
                                                                                                                                                              				intOrPtr* _t166;
                                                                                                                                                              				intOrPtr* _t168;
                                                                                                                                                              				intOrPtr* _t172;
                                                                                                                                                              				intOrPtr* _t173;
                                                                                                                                                              				intOrPtr* _t175;
                                                                                                                                                              				intOrPtr* _t180;
                                                                                                                                                              				intOrPtr* _t182;
                                                                                                                                                              				intOrPtr* _t184;
                                                                                                                                                              				intOrPtr* _t185;
                                                                                                                                                              				intOrPtr* _t187;
                                                                                                                                                              				intOrPtr* _t188;
                                                                                                                                                              				intOrPtr* _t190;
                                                                                                                                                              				intOrPtr* _t191;
                                                                                                                                                              				intOrPtr* _t193;
                                                                                                                                                              				intOrPtr* _t194;
                                                                                                                                                              				intOrPtr* _t196;
                                                                                                                                                              				intOrPtr* _t197;
                                                                                                                                                              				intOrPtr* _t199;
                                                                                                                                                              				intOrPtr* _t200;
                                                                                                                                                              				intOrPtr* _t202;
                                                                                                                                                              				intOrPtr _t208;
                                                                                                                                                              				signed int _t210;
                                                                                                                                                              				signed int _t212;
                                                                                                                                                              				signed int _t214;
                                                                                                                                                              				unsigned int _t215;
                                                                                                                                                              				signed int _t216;
                                                                                                                                                              				unsigned int _t217;
                                                                                                                                                              				signed int _t218;
                                                                                                                                                              				intOrPtr _t220;
                                                                                                                                                              				signed int _t221;
                                                                                                                                                              				unsigned int _t222;
                                                                                                                                                              				intOrPtr _t223;
                                                                                                                                                              				intOrPtr _t224;
                                                                                                                                                              				intOrPtr* _t225;
                                                                                                                                                              				intOrPtr _t226;
                                                                                                                                                              				intOrPtr _t227;
                                                                                                                                                              				intOrPtr _t228;
                                                                                                                                                              				intOrPtr _t229;
                                                                                                                                                              				signed int _t234;
                                                                                                                                                              				intOrPtr _t237;
                                                                                                                                                              				intOrPtr _t241;
                                                                                                                                                              				intOrPtr _t242;
                                                                                                                                                              				intOrPtr* _t243;
                                                                                                                                                              				intOrPtr* _t244;
                                                                                                                                                              				intOrPtr* _t245;
                                                                                                                                                              				intOrPtr* _t246;
                                                                                                                                                              				intOrPtr* _t247;
                                                                                                                                                              				intOrPtr* _t248;
                                                                                                                                                              				intOrPtr* _t249;
                                                                                                                                                              				intOrPtr* _t250;
                                                                                                                                                              				void* _t254;
                                                                                                                                                              				intOrPtr _t257;
                                                                                                                                                              				void* _t259;
                                                                                                                                                              				void* _t262;
                                                                                                                                                              				void* _t265;
                                                                                                                                                              				void* _t268;
                                                                                                                                                              				intOrPtr _t273;
                                                                                                                                                              				intOrPtr* _t275;
                                                                                                                                                              				intOrPtr* _t276;
                                                                                                                                                              				intOrPtr _t277;
                                                                                                                                                              				intOrPtr _t278;
                                                                                                                                                              				intOrPtr _t279;
                                                                                                                                                              				intOrPtr _t280;
                                                                                                                                                              				intOrPtr* _t285;
                                                                                                                                                              				intOrPtr* _t286;
                                                                                                                                                              				intOrPtr _t287;
                                                                                                                                                              				intOrPtr _t288;
                                                                                                                                                              				intOrPtr* _t289;
                                                                                                                                                              				intOrPtr* _t290;
                                                                                                                                                              				intOrPtr _t291;
                                                                                                                                                              				intOrPtr _t292;
                                                                                                                                                              				intOrPtr* _t293;
                                                                                                                                                              				intOrPtr* _t294;
                                                                                                                                                              				void* _t295;
                                                                                                                                                              				signed int _t296;
                                                                                                                                                              				void* _t297;
                                                                                                                                                              				void* _t299;
                                                                                                                                                              
                                                                                                                                                              				_t155 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              				_t285 = _a4;
                                                                                                                                                              				_t224 = __ecx;
                                                                                                                                                              				_t156 = _t155 ^ _t296;
                                                                                                                                                              				_v20 = _t156;
                                                                                                                                                              				E003D1DB0();
                                                                                                                                                              				_v52 = _t156;
                                                                                                                                                              				L00403A10(__ecx, __edx);
                                                                                                                                                              				_t291 =  *((intOrPtr*)(__ecx + 8));
                                                                                                                                                              				_v44 = __ecx;
                                                                                                                                                              				if(_t291 == 0) {
                                                                                                                                                              					L19:
                                                                                                                                                              					_t53 = _t224 + 4; // 0x4
                                                                                                                                                              					_v40 = _t53;
                                                                                                                                                              					_push(0xc);
                                                                                                                                                              					_t159 = E0082CB74();
                                                                                                                                                              					_t297 = _t297 + 4;
                                                                                                                                                              					_t292 = _t159;
                                                                                                                                                              					E003CE640(_t159, _t224, _t159, _t285, _t292, _t285);
                                                                                                                                                              					_v36 = _t285;
                                                                                                                                                              					_push( &_v32);
                                                                                                                                                              					_t286 =  &_v28;
                                                                                                                                                              					E00505A80(_v40, _t286, _t285, 0xa5a19b,  &_v36);
                                                                                                                                                              					 *((intOrPtr*)( *_t286 + 0x1c)) = _t292;
                                                                                                                                                              					L20:
                                                                                                                                                              					_t287 =  *((intOrPtr*)(_t224 + 0x14));
                                                                                                                                                              					_v40 = _t292;
                                                                                                                                                              					_t293 = _v52;
                                                                                                                                                              					_t63 = _t224 + 0x14; // 0x14
                                                                                                                                                              					_t273 = _t63;
                                                                                                                                                              					if(_t287 == 0) {
                                                                                                                                                              						L68:
                                                                                                                                                              						_t288 = _t273;
                                                                                                                                                              						L26:
                                                                                                                                                              						_v56 = _t273;
                                                                                                                                                              						_t274 =  *[fs:0x2c];
                                                                                                                                                              						_t164 =  *0xaee1c4; // 0x80000010
                                                                                                                                                              						_t234 =  *0xaee0a8; // 0x0
                                                                                                                                                              						if(_t164 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t234 * 4)) + 0x18))) {
                                                                                                                                                              							E0082CC77(_t164, 0xaee1c4);
                                                                                                                                                              							_t297 = _t297 + 4;
                                                                                                                                                              							if( *0xaee1c4 == 0xffffffff) {
                                                                                                                                                              								E003F2A70(0xaee1bc, 0);
                                                                                                                                                              								E0082CCED(0xaee1c4);
                                                                                                                                                              								_t297 = _t297 + 4;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_t166 = _v40;
                                                                                                                                                              						_v48 = _t288;
                                                                                                                                                              						if( *((char*)(_t166 + 0xb)) < 0) {
                                                                                                                                                              							_t166 =  *_t166;
                                                                                                                                                              						}
                                                                                                                                                              						E003F2A30(0xaee1bc, _t166); // executed
                                                                                                                                                              						_t289 =  *((intOrPtr*)(_t224 + 0x30));
                                                                                                                                                              						_t168 =  *((intOrPtr*)(_t224 + 0x34));
                                                                                                                                                              						if(_t289 == _t168) {
                                                                                                                                                              							L51:
                                                                                                                                                              							_t237 = _v48;
                                                                                                                                                              							if(_t237 == _v56) {
                                                                                                                                                              								 *((intOrPtr*)(_t224 + 0x28)) = _v40;
                                                                                                                                                              								 *(_t224 + 0x2c) = _v52;
                                                                                                                                                              								__imp__ReleaseSRWLockExclusive(_t224);
                                                                                                                                                              								L67:
                                                                                                                                                              								return L0082CC31(_v20 ^ _t296, _t274, _t289, _t293);
                                                                                                                                                              							}
                                                                                                                                                              							_t225 = _t224 + 0x20;
                                                                                                                                                              							_t172 =  *((intOrPtr*)(_t224 + 0x20));
                                                                                                                                                              							if(_t172 == 0) {
                                                                                                                                                              								_t294 = _t225;
                                                                                                                                                              								L61:
                                                                                                                                                              								_t289 =  *_t294;
                                                                                                                                                              								if(_t289 == 0) {
                                                                                                                                                              									_push(0x18);
                                                                                                                                                              									_t175 = E0082CB74();
                                                                                                                                                              									_t299 = _t297 + 4;
                                                                                                                                                              									_t289 = _t175;
                                                                                                                                                              									 *((intOrPtr*)(_t289 + 0x10)) =  *((intOrPtr*)(_v48 + 0x14));
                                                                                                                                                              									 *((intOrPtr*)(_t289 + 0x14)) = 0;
                                                                                                                                                              									 *_t289 = 0;
                                                                                                                                                              									 *((intOrPtr*)(_t289 + 4)) = 0;
                                                                                                                                                              									 *((intOrPtr*)(_t289 + 8)) = _t225;
                                                                                                                                                              									_t226 = _v44;
                                                                                                                                                              									 *_t294 = _t289;
                                                                                                                                                              									_t241 =  *((intOrPtr*)( *((intOrPtr*)(_t226 + 0x1c))));
                                                                                                                                                              									_t180 = _t289;
                                                                                                                                                              									if(_t241 != 0) {
                                                                                                                                                              										 *((intOrPtr*)(_t226 + 0x1c)) = _t241;
                                                                                                                                                              										_t180 =  *_t294;
                                                                                                                                                              									}
                                                                                                                                                              									E001F4040( *((intOrPtr*)(_t226 + 0x20)), _t180);
                                                                                                                                                              									_t297 = _t299 + 8;
                                                                                                                                                              									 *((intOrPtr*)(_t226 + 0x24)) =  *((intOrPtr*)(_t226 + 0x24)) + 1;
                                                                                                                                                              								}
                                                                                                                                                              								_t293 = _v40;
                                                                                                                                                              								 *((intOrPtr*)(_t289 + 0x14)) = _t293;
                                                                                                                                                              								__imp__ReleaseSRWLockExclusive(_v44);
                                                                                                                                                              								_t173 = _t293;
                                                                                                                                                              								if( *((char*)(_t293 + 0xb)) < 0) {
                                                                                                                                                              									_t173 =  *_t173;
                                                                                                                                                              								}
                                                                                                                                                              								E00507CE0(_t173);
                                                                                                                                                              								goto L67;
                                                                                                                                                              							}
                                                                                                                                                              							_t242 =  *((intOrPtr*)(_t237 + 0x14));
                                                                                                                                                              							_t294 = _t225;
                                                                                                                                                              							while(1) {
                                                                                                                                                              								_t274 =  *((intOrPtr*)(_t172 + 0x10));
                                                                                                                                                              								if(_t242 < _t274) {
                                                                                                                                                              									goto L58;
                                                                                                                                                              								}
                                                                                                                                                              								if(_t274 >= _t242) {
                                                                                                                                                              									L60:
                                                                                                                                                              									_t225 = _t172;
                                                                                                                                                              									goto L61;
                                                                                                                                                              								}
                                                                                                                                                              								_t274 =  *((intOrPtr*)(_t172 + 4));
                                                                                                                                                              								_t294 = _t172 + 4;
                                                                                                                                                              								if(_t274 == 0) {
                                                                                                                                                              									goto L60;
                                                                                                                                                              								}
                                                                                                                                                              								L57:
                                                                                                                                                              								_t172 = _t274;
                                                                                                                                                              								continue;
                                                                                                                                                              								L58:
                                                                                                                                                              								_t274 =  *_t172;
                                                                                                                                                              								_t294 = _t172;
                                                                                                                                                              								if(_t274 != 0) {
                                                                                                                                                              									goto L57;
                                                                                                                                                              								}
                                                                                                                                                              								_t225 = _t172;
                                                                                                                                                              								_t294 = _t172;
                                                                                                                                                              								goto L61;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							_t293 = _t168;
                                                                                                                                                              							_t182 = _v40;
                                                                                                                                                              							_t243 =  *_t289;
                                                                                                                                                              							if( *((char*)(_t182 + 0xb)) < 0) {
                                                                                                                                                              								_t182 =  *_t182;
                                                                                                                                                              							}
                                                                                                                                                              							_t274 =  *_t243;
                                                                                                                                                              							 *((intOrPtr*)( *_t243 + 4))(_t182);
                                                                                                                                                              							_t184 = _t289 + 4;
                                                                                                                                                              							if(_t184 != _t293) {
                                                                                                                                                              								_t244 =  *_t184;
                                                                                                                                                              								_t185 = _v40;
                                                                                                                                                              								if( *((char*)(_t185 + 0xb)) < 0) {
                                                                                                                                                              									_t185 =  *_t185;
                                                                                                                                                              								}
                                                                                                                                                              								_t274 =  *_t244;
                                                                                                                                                              								 *((intOrPtr*)( *_t244 + 4))(_t185);
                                                                                                                                                              								_t187 = _t289 + 8;
                                                                                                                                                              								if(_t187 != _t293) {
                                                                                                                                                              									_t245 =  *_t187;
                                                                                                                                                              									_t188 = _v40;
                                                                                                                                                              									if( *((char*)(_t188 + 0xb)) < 0) {
                                                                                                                                                              										_t188 =  *_t188;
                                                                                                                                                              									}
                                                                                                                                                              									_t274 =  *_t245;
                                                                                                                                                              									 *((intOrPtr*)( *_t245 + 4))(_t188);
                                                                                                                                                              									_t190 = _t289 + 0xc;
                                                                                                                                                              									if(_t190 != _t293) {
                                                                                                                                                              										_t246 =  *_t190;
                                                                                                                                                              										_t191 = _v40;
                                                                                                                                                              										if( *((char*)(_t191 + 0xb)) < 0) {
                                                                                                                                                              											_t191 =  *_t191;
                                                                                                                                                              										}
                                                                                                                                                              										_t274 =  *_t246;
                                                                                                                                                              										 *((intOrPtr*)( *_t246 + 4))(_t191);
                                                                                                                                                              										_t193 = _t289 + 0x10;
                                                                                                                                                              										if(_t193 != _t293) {
                                                                                                                                                              											_t247 =  *_t193;
                                                                                                                                                              											_t194 = _v40;
                                                                                                                                                              											if( *((char*)(_t194 + 0xb)) < 0) {
                                                                                                                                                              												_t194 =  *_t194;
                                                                                                                                                              											}
                                                                                                                                                              											_t274 =  *_t247;
                                                                                                                                                              											 *((intOrPtr*)( *_t247 + 4))(_t194);
                                                                                                                                                              											_t196 = _t289 + 0x14;
                                                                                                                                                              											if(_t196 != _t293) {
                                                                                                                                                              												_t248 =  *_t196;
                                                                                                                                                              												_t197 = _v40;
                                                                                                                                                              												if( *((char*)(_t197 + 0xb)) < 0) {
                                                                                                                                                              													_t197 =  *_t197;
                                                                                                                                                              												}
                                                                                                                                                              												_t274 =  *_t248;
                                                                                                                                                              												 *((intOrPtr*)( *_t248 + 4))(_t197);
                                                                                                                                                              												_t199 = _t289 + 0x18;
                                                                                                                                                              												if(_t199 != _t293) {
                                                                                                                                                              													_t249 =  *_t199;
                                                                                                                                                              													_t200 = _v40;
                                                                                                                                                              													if( *((char*)(_t200 + 0xb)) < 0) {
                                                                                                                                                              														_t200 =  *_t200;
                                                                                                                                                              													}
                                                                                                                                                              													_t274 =  *_t249;
                                                                                                                                                              													 *((intOrPtr*)( *_t249 + 4))(_t200);
                                                                                                                                                              													_t289 = _t289 + 0x1c;
                                                                                                                                                              													if(_t289 != _t293) {
                                                                                                                                                              														while(1) {
                                                                                                                                                              															_t202 = _v40;
                                                                                                                                                              															_t250 =  *_t289;
                                                                                                                                                              															if( *((char*)(_t202 + 0xb)) < 0) {
                                                                                                                                                              																_t202 =  *_t202;
                                                                                                                                                              															}
                                                                                                                                                              															_t274 =  *_t250;
                                                                                                                                                              															 *((intOrPtr*)( *_t250 + 4))(_t202);
                                                                                                                                                              															_t289 = _t289 + 4;
                                                                                                                                                              															if(_t293 == _t289) {
                                                                                                                                                              																goto L51;
                                                                                                                                                              															}
                                                                                                                                                              														}
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							goto L51;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					_t208 =  *((intOrPtr*)(_t287 + (0 |  *((intOrPtr*)(_t287 + 0x10)) - _t293 > 0x00000000) * 4));
                                                                                                                                                              					_t288 =  <  ? _t273 : _t287;
                                                                                                                                                              					while(_t208 != 0) {
                                                                                                                                                              						_t288 =  >=  ? _t208 : _t288;
                                                                                                                                                              						_t208 =  *((intOrPtr*)(_t208 + (0 |  *((intOrPtr*)(_t208 + 0x10)) - _t293 > 0x00000000) * 4));
                                                                                                                                                              					}
                                                                                                                                                              					if(_t288 == _t273 || _t293 <  *((intOrPtr*)(_t288 + 0x10))) {
                                                                                                                                                              						goto L68;
                                                                                                                                                              					} else {
                                                                                                                                                              						goto L26;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_t6 = _t224 + 8; // 0x8
                                                                                                                                                              				_t254 = _t291 + 0x10;
                                                                                                                                                              				_t275 = _t285;
                                                                                                                                                              				_v40 = _t6;
                                                                                                                                                              				_t9 = _t285 + 0xb; // 0x38a10000
                                                                                                                                                              				_t210 =  *_t9 & 0x000000ff;
                                                                                                                                                              				if(_t210 < 0) {
                                                                                                                                                              					_t10 = _t285 + 4; // 0x8b6400ae
                                                                                                                                                              					_t210 =  *_t10;
                                                                                                                                                              					_t275 =  *_t285;
                                                                                                                                                              				}
                                                                                                                                                              				_t290 =  &_v28;
                                                                                                                                                              				 *_t290 = _t275;
                                                                                                                                                              				 *(_t290 + 4) = _t210;
                                                                                                                                                              				_t227 =  *((intOrPtr*)(_t291 + (E001FA4C0(_t210, _t254, _t290) >> 0x1f) * 4));
                                                                                                                                                              				_t295 =  <  ? _v40 : _t291;
                                                                                                                                                              				if(_t227 == 0) {
                                                                                                                                                              					L13:
                                                                                                                                                              					_t224 = _v44;
                                                                                                                                                              					goto L14;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t277 = _a4;
                                                                                                                                                              					_t17 = _t227 + 0x10; // 0x10
                                                                                                                                                              					_t259 = _t17;
                                                                                                                                                              					_t18 = _t277 + 0xb; // 0x38a10000
                                                                                                                                                              					_t214 =  *_t18 & 0x000000ff;
                                                                                                                                                              					if(_t214 < 0) {
                                                                                                                                                              						_t20 = _a4 + 4; // 0x8b6400ae
                                                                                                                                                              						_t214 =  *_t20;
                                                                                                                                                              						_t277 =  *_a4;
                                                                                                                                                              					}
                                                                                                                                                              					_v28 = _t277;
                                                                                                                                                              					_v24 = _t214;
                                                                                                                                                              					_t215 = E001FA4C0(_t214, _t259, _t290);
                                                                                                                                                              					_t295 =  >=  ? _t227 : _t295;
                                                                                                                                                              					_t228 =  *((intOrPtr*)(_t227 + (_t215 >> 0x1f) * 4));
                                                                                                                                                              					if(_t228 == 0) {
                                                                                                                                                              						goto L13;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t278 = _a4;
                                                                                                                                                              						_t262 = _t228 + 0x10;
                                                                                                                                                              						_t27 = _t278 + 0xb; // 0x38a10000
                                                                                                                                                              						_t216 =  *_t27 & 0x000000ff;
                                                                                                                                                              						if(_t216 < 0) {
                                                                                                                                                              							_t29 = _a4 + 4; // 0x8b6400ae
                                                                                                                                                              							_t216 =  *_t29;
                                                                                                                                                              							_t278 =  *_a4;
                                                                                                                                                              						}
                                                                                                                                                              						_v28 = _t278;
                                                                                                                                                              						_v24 = _t216;
                                                                                                                                                              						_t217 = E001FA4C0(_t216, _t262, _t290);
                                                                                                                                                              						_t295 =  >=  ? _t228 : _t295;
                                                                                                                                                              						_t229 =  *((intOrPtr*)(_t228 + (_t217 >> 0x1f) * 4));
                                                                                                                                                              						if(_t229 == 0) {
                                                                                                                                                              							goto L13;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t279 = _a4;
                                                                                                                                                              							_t265 = _t229 + 0x10;
                                                                                                                                                              							_t36 = _t279 + 0xb; // 0x38a10000
                                                                                                                                                              							_t218 =  *_t36 & 0x000000ff;
                                                                                                                                                              							if(_t218 < 0) {
                                                                                                                                                              								_t38 = _a4 + 4; // 0x8b6400ae
                                                                                                                                                              								_t218 =  *_t38;
                                                                                                                                                              								_t279 =  *_a4;
                                                                                                                                                              							}
                                                                                                                                                              							_v28 = _t279;
                                                                                                                                                              							_v24 = _t218;
                                                                                                                                                              							_t220 =  *((intOrPtr*)(_t229 + (E001FA4C0(_t218, _t265, _t290) >> 0x1f) * 4));
                                                                                                                                                              							_t295 =  >=  ? _t229 : _t295;
                                                                                                                                                              							if(_t220 != 0) {
                                                                                                                                                              								_t224 = _v44;
                                                                                                                                                              								while(1) {
                                                                                                                                                              									_t280 = _a4;
                                                                                                                                                              									_v48 = _t220;
                                                                                                                                                              									_t146 = _t220 + 0x10; // 0x10
                                                                                                                                                              									_t268 = _t146;
                                                                                                                                                              									_t147 = _t280 + 0xb; // 0x38a10000
                                                                                                                                                              									_t221 =  *_t147 & 0x000000ff;
                                                                                                                                                              									if(_t221 < 0) {
                                                                                                                                                              										_t149 = _a4 + 4; // 0x8b6400ae
                                                                                                                                                              										_t221 =  *_t149;
                                                                                                                                                              										_t280 =  *_a4;
                                                                                                                                                              									}
                                                                                                                                                              									_v28 = _t280;
                                                                                                                                                              									_v24 = _t221;
                                                                                                                                                              									_t222 = E001FA4C0(_t221, _t268, _t290);
                                                                                                                                                              									_t223 = _v48;
                                                                                                                                                              									_t295 =  >=  ? _t223 : _t295;
                                                                                                                                                              									_t220 =  *((intOrPtr*)(_t223 + (_t222 >> 0x1f) * 4));
                                                                                                                                                              									if(_t220 == 0) {
                                                                                                                                                              										break;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								L14:
                                                                                                                                                              								_t276 = _t290;
                                                                                                                                                              								_t285 = _a4;
                                                                                                                                                              								if(_t295 == _v40) {
                                                                                                                                                              									goto L19;
                                                                                                                                                              								}
                                                                                                                                                              								_t212 =  *(_t295 + 0x1b) & 0x000000ff;
                                                                                                                                                              								if(_t212 >= 0) {
                                                                                                                                                              									_t257 = _t295 + 0x10;
                                                                                                                                                              								} else {
                                                                                                                                                              									_t212 =  *(_t295 + 0x14);
                                                                                                                                                              									_t257 =  *((intOrPtr*)(_t295 + 0x10));
                                                                                                                                                              								}
                                                                                                                                                              								_t285 = _a4;
                                                                                                                                                              								_v28 = _t257;
                                                                                                                                                              								_v24 = _t212;
                                                                                                                                                              								if(E001FA4C0(_t212, _t285, _t276) >= 0) {
                                                                                                                                                              									_t292 =  *((intOrPtr*)(_t295 + 0x1c));
                                                                                                                                                              									goto L20;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L19;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L13;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}

































































































                                                                                                                                                              0x00505462
                                                                                                                                                              0x00505464
                                                                                                                                                              0x00505468
                                                                                                                                                              0x005054d3
                                                                                                                                                              0x005054d6
                                                                                                                                                              0x005054d6
                                                                                                                                                              0x0050546e
                                                                                                                                                              0x00505473
                                                                                                                                                              0x00505476
                                                                                                                                                              0x00505476
                                                                                                                                                              0x00505479
                                                                                                                                                              0x0050547c
                                                                                                                                                              0x00505482
                                                                                                                                                              0x0050548c
                                                                                                                                                              0x0050548e
                                                                                                                                                              0x00505490
                                                                                                                                                              0x00505490
                                                                                                                                                              0x00505493
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00505498
                                                                                                                                                              0x00505404
                                                                                                                                                              0x00505407
                                                                                                                                                              0x00505409
                                                                                                                                                              0x00505409
                                                                                                                                                              0x0050540e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00505412
                                                                                                                                                              0x00505430
                                                                                                                                                              0x00505430
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00505430
                                                                                                                                                              0x00505414
                                                                                                                                                              0x00505417
                                                                                                                                                              0x0050541c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0050541e
                                                                                                                                                              0x0050541e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00505422
                                                                                                                                                              0x00505422
                                                                                                                                                              0x00505424
                                                                                                                                                              0x00505428
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0050542a
                                                                                                                                                              0x0050542c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0050542c
                                                                                                                                                              0x00505324
                                                                                                                                                              0x00505324
                                                                                                                                                              0x00505326
                                                                                                                                                              0x00505329
                                                                                                                                                              0x0050532f
                                                                                                                                                              0x00505331
                                                                                                                                                              0x00505331
                                                                                                                                                              0x00505333
                                                                                                                                                              0x00505336
                                                                                                                                                              0x00505339
                                                                                                                                                              0x0050533e
                                                                                                                                                              0x00505344
                                                                                                                                                              0x00505346
                                                                                                                                                              0x0050534d
                                                                                                                                                              0x0050534f
                                                                                                                                                              0x0050534f
                                                                                                                                                              0x00505351
                                                                                                                                                              0x00505354
                                                                                                                                                              0x00505357
                                                                                                                                                              0x0050535c
                                                                                                                                                              0x00505362
                                                                                                                                                              0x00505364
                                                                                                                                                              0x0050536b
                                                                                                                                                              0x0050536d
                                                                                                                                                              0x0050536d
                                                                                                                                                              0x0050536f
                                                                                                                                                              0x00505372
                                                                                                                                                              0x00505375
                                                                                                                                                              0x0050537a
                                                                                                                                                              0x0050537c
                                                                                                                                                              0x0050537e
                                                                                                                                                              0x00505385
                                                                                                                                                              0x00505387
                                                                                                                                                              0x00505387
                                                                                                                                                              0x00505389
                                                                                                                                                              0x0050538c
                                                                                                                                                              0x0050538f
                                                                                                                                                              0x00505394
                                                                                                                                                              0x00505396
                                                                                                                                                              0x00505398
                                                                                                                                                              0x0050539f
                                                                                                                                                              0x005053a1
                                                                                                                                                              0x005053a1
                                                                                                                                                              0x005053a3
                                                                                                                                                              0x005053a6
                                                                                                                                                              0x005053a9
                                                                                                                                                              0x005053ae
                                                                                                                                                              0x005053b0
                                                                                                                                                              0x005053b2
                                                                                                                                                              0x005053b9
                                                                                                                                                              0x005053bb
                                                                                                                                                              0x005053bb
                                                                                                                                                              0x005053bd
                                                                                                                                                              0x005053c0
                                                                                                                                                              0x005053c3
                                                                                                                                                              0x005053c8
                                                                                                                                                              0x005053ca
                                                                                                                                                              0x005053cc
                                                                                                                                                              0x005053d3
                                                                                                                                                              0x005053d5
                                                                                                                                                              0x005053d5
                                                                                                                                                              0x005053d7
                                                                                                                                                              0x005053da
                                                                                                                                                              0x005053dd
                                                                                                                                                              0x005053e2
                                                                                                                                                              0x005054e1
                                                                                                                                                              0x005054e1
                                                                                                                                                              0x005054e4
                                                                                                                                                              0x005054ea
                                                                                                                                                              0x005054ec
                                                                                                                                                              0x005054ec
                                                                                                                                                              0x005054ee
                                                                                                                                                              0x005054f1
                                                                                                                                                              0x005054f4
                                                                                                                                                              0x005054f9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x005054ff
                                                                                                                                                              0x005054e1
                                                                                                                                                              0x005053e2
                                                                                                                                                              0x005053c8
                                                                                                                                                              0x005053ae
                                                                                                                                                              0x00505394
                                                                                                                                                              0x0050537a
                                                                                                                                                              0x0050535c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0050533e
                                                                                                                                                              0x0050531e
                                                                                                                                                              0x005052ae
                                                                                                                                                              0x005052b1
                                                                                                                                                              0x005052b4
                                                                                                                                                              0x005052c0
                                                                                                                                                              0x005052c3
                                                                                                                                                              0x005052c3
                                                                                                                                                              0x005052ca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x005052ca
                                                                                                                                                              0x00505145
                                                                                                                                                              0x00505148
                                                                                                                                                              0x0050514b
                                                                                                                                                              0x0050514d
                                                                                                                                                              0x00505150
                                                                                                                                                              0x00505150
                                                                                                                                                              0x00505156
                                                                                                                                                              0x00505158
                                                                                                                                                              0x00505158
                                                                                                                                                              0x0050515b
                                                                                                                                                              0x0050515b
                                                                                                                                                              0x0050515d
                                                                                                                                                              0x00505160
                                                                                                                                                              0x00505162
                                                                                                                                                              0x00505172
                                                                                                                                                              0x00505175

                                                                                                                                                              APIs
                                                                                                                                                              • ReleaseSRWLockExclusive.KERNEL32(?,?,004041F3,?,?,?,?,?,-00000001,7FFFFFFF,-00000001,?,004041F3,-00000001,?,7FFFFFFF), ref: 00505482
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExclusiveLockRelease
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1766480654-0
                                                                                                                                                              • Opcode ID: e18a7670b803716e1a258fab4022029f6a2516a27e2dfb686623c139a9823c46
                                                                                                                                                              • Instruction ID: c31c1942e584bc5afb7ab769d01c2981d22c883807425f0ece3d1ed183884e27
                                                                                                                                                              • Opcode Fuzzy Hash: e18a7670b803716e1a258fab4022029f6a2516a27e2dfb686623c139a9823c46
                                                                                                                                                              • Instruction Fuzzy Hash: 9BF15074A006069FCF14CF64C484AAEBBF5BF89304B5585A9E909EB395E730ED81CF90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 33%
                                                                                                                                                              			E003F2820(void* __ebx) {
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v2065;
                                                                                                                                                              				char _v2068;
                                                                                                                                                              				long _v2072;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t33;
                                                                                                                                                              				long _t35;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				void* _t37;
                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                              				signed int _t46;
                                                                                                                                                              				intOrPtr _t47;
                                                                                                                                                              				signed int _t57;
                                                                                                                                                              				signed int* _t68;
                                                                                                                                                              				signed int _t69;
                                                                                                                                                              				void* _t76;
                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                              				long* _t84;
                                                                                                                                                              				signed int* _t85;
                                                                                                                                                              				signed int _t87;
                                                                                                                                                              				signed int _t89;
                                                                                                                                                              				void* _t91;
                                                                                                                                                              				void* _t92;
                                                                                                                                                              				void* _t93;
                                                                                                                                                              
                                                                                                                                                              				_push(_t84);
                                                                                                                                                              				_t92 = _t91 - 0x808;
                                                                                                                                                              				_t33 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              				_v20 = _t33 ^ _t89;
                                                                                                                                                              				_t35 =  *0xae82a0; // 0x22
                                                                                                                                                              				_v2072 = _t35;
                                                                                                                                                              				if(_t35 == 0xffffffff) {
                                                                                                                                                              					_t84 =  &_v2072;
                                                                                                                                                              					_t36 = E00501500(_t84);
                                                                                                                                                              					_t92 = _t92 + 4;
                                                                                                                                                              					if(_t36 == 0) {
                                                                                                                                                              						goto L8;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t68 = _v2072;
                                                                                                                                                              						if(_t68 == 0xffffffff) {
                                                                                                                                                              							goto L9;
                                                                                                                                                              						} else {
                                                                                                                                                              							goto L5;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					L1:
                                                                                                                                                              					if((TlsGetValue(_t35) & 0x00000003) != 0) {
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						asm("ud2");
                                                                                                                                                              						L8:
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						asm("ud2");
                                                                                                                                                              						L9:
                                                                                                                                                              						_t37 = E00501500(_t84);
                                                                                                                                                              						_t93 = _t92 + 4;
                                                                                                                                                              						if(_t37 == 0 || _v2072 == 0xffffffff) {
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("ud2");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							_push(_t89);
                                                                                                                                                              							_push(_t78);
                                                                                                                                                              							_push(_t84);
                                                                                                                                                              							_t85 = _t68;
                                                                                                                                                              							_t69 =  *0xaee0a8; // 0x0
                                                                                                                                                              							_t77 =  *[fs:0x2c];
                                                                                                                                                              							_t38 =  *0xaec5e0; // 0x8000000a
                                                                                                                                                              							if(_t38 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t69 * 4)) + 0x18))) {
                                                                                                                                                              								E0082CC77(_t38, 0xaec5e0);
                                                                                                                                                              								if( *0xaec5e0 == 0xffffffff) {
                                                                                                                                                              									_push(4);
                                                                                                                                                              									_t47 = E0082CB74();
                                                                                                                                                              									E00397A30(_t47);
                                                                                                                                                              									 *0xaec5dc = _t47;
                                                                                                                                                              									E0082CCED(0xaec5e0);
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							_t79 =  *0xaec5dc; // 0x52fe1b8
                                                                                                                                                              							L00403A10(_t79, _t77);
                                                                                                                                                              							 *((intOrPtr*)(0xaeb9dc + ( *_t85 +  *_t85 * 2) * 4)) = 0;
                                                                                                                                                              							 *((intOrPtr*)(0xaeb9e0 + ( *_t85 +  *_t85 * 2) * 4)) = 0;
                                                                                                                                                              							_t46 =  *_t85 +  *_t85 * 2;
                                                                                                                                                              							 *((intOrPtr*)(0xaeb9e4 + _t46 * 4)) =  *((intOrPtr*)(0xaeb9e4 + _t46 * 4)) + 1;
                                                                                                                                                              							__imp__ReleaseSRWLockExclusive(_t79);
                                                                                                                                                              							 *_t85 = 0xffffffff;
                                                                                                                                                              							return _t46;
                                                                                                                                                              						} else {
                                                                                                                                                              							E00501520(0xffffffff);
                                                                                                                                                              							_t92 = _t93 + 4;
                                                                                                                                                              							_t68 = _v2072;
                                                                                                                                                              							L5:
                                                                                                                                                              							asm("lock cmpxchg [0xae82a0], ecx");
                                                                                                                                                              							_t35 = _v2072;
                                                                                                                                                              							if(0xffffffffffffffff != 0) {
                                                                                                                                                              								E00501520(_t35);
                                                                                                                                                              								_t92 = _t92 + 4;
                                                                                                                                                              								_t35 =  *0xae82a0; // 0x22
                                                                                                                                                              								_v2072 = _t35;
                                                                                                                                                              							}
                                                                                                                                                              							goto L1;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						E00830E60(0x800,  &_v2068, 0, 0x800);
                                                                                                                                                              						E00501530(_v2072,  &_v2065);
                                                                                                                                                              						_push(0x800); // executed
                                                                                                                                                              						_t57 = E0082CC23(); // executed
                                                                                                                                                              						_t87 = _t57;
                                                                                                                                                              						E00830360(_t57,  &_v2068, 0x800);
                                                                                                                                                              						E00501530(_v2072, _t87 | 0x00000003);
                                                                                                                                                              						L0082CC31(_v20 ^ _t89, _t76, 0x800, _t87);
                                                                                                                                                              						return _t87;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              • TlsGetValue.KERNEL32(?), ref: 003F2847
                                                                                                                                                                • Part of subcall function 00501500: TlsAlloc.KERNEL32(?,003F28CE,?), ref: 00501503
                                                                                                                                                              • ReleaseSRWLockExclusive.KERNEL32(052FE1B8), ref: 003F29A8
                                                                                                                                                              • __Init_thread_header.LIBCMT ref: 003F29BD
                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 003F29EC
                                                                                                                                                                • Part of subcall function 00501520: TlsFree.KERNEL32(003F2933,?,003F2933,000000FF), ref: 00501526
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocExclusiveFreeInit_thread_footerInit_thread_headerLockReleaseValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1197653586-0
                                                                                                                                                              • Opcode ID: a94715066ce4d47ea67957401996063a293b85db1fbfe00d65bfa3b099b373c5
                                                                                                                                                              • Instruction ID: c5709d3c931d742092732cad5efd1733f1cefb00ccbfded2fc8e1d51349aaa85
                                                                                                                                                              • Opcode Fuzzy Hash: a94715066ce4d47ea67957401996063a293b85db1fbfe00d65bfa3b099b373c5
                                                                                                                                                              • Instruction Fuzzy Hash: 5141F4B190011C9FC720DB68BC85AAB37A8FF81360F040579F5599B3D1EB316A56CFA2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 275 84b481-84b496 GetLastError 276 84b4b4-84b4be call 84bad3 275->276 277 84b498-84b4a2 call 84ba94 275->277 282 84b4c0-84b4c7 call 84ac61 276->282 283 84b4a9 276->283 284 84b4a4-84b4a7 277->284 285 84b4af 277->285 289 84b4cc-84b4d2 282->289 288 84b4ab-84b4ad 283->288 284->283 287 84b521 284->287 285->276 290 84b523-84b535 SetLastError 287->290 288->290 291 84b4d4-84b4e2 call 84bad3 289->291 292 84b4eb-84b4f9 call 84bad3 289->292 297 84b4e3-84b4e9 call 84acbe 291->297 298 84b50c-84b51e call 84b5ac call 84acbe 292->298 299 84b4fb-84b50a call 84bad3 292->299 297->288 298->287 299->297
                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E0084B481(void* __ecx) {
                                                                                                                                                              				intOrPtr _t2;
                                                                                                                                                              				signed int _t3;
                                                                                                                                                              				signed int _t5;
                                                                                                                                                              				signed int _t13;
                                                                                                                                                              				signed int _t18;
                                                                                                                                                              				long _t21;
                                                                                                                                                              
                                                                                                                                                              				_t21 = GetLastError();
                                                                                                                                                              				_t2 =  *0xae9ac0; // 0x6
                                                                                                                                                              				_t24 = _t2 - 0xffffffff;
                                                                                                                                                              				if(_t2 == 0xffffffff) {
                                                                                                                                                              					L6:
                                                                                                                                                              					_t3 = E0084BAD3(__eflags, _t2, 0xffffffff);
                                                                                                                                                              					__eflags = _t3;
                                                                                                                                                              					if(_t3 == 0) {
                                                                                                                                                              						goto L3;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t5 = E0084AC61(1, 0x364); // executed
                                                                                                                                                              						_t18 = _t5;
                                                                                                                                                              						__eflags = _t18;
                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                              							__eflags = E0084BAD3(__eflags,  *0xae9ac0, _t18);
                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                              								E0084B5AC(_t18, 0xaf2220);
                                                                                                                                                              								E0084ACBE(0);
                                                                                                                                                              								goto L13;
                                                                                                                                                              							} else {
                                                                                                                                                              								_t13 = 0;
                                                                                                                                                              								E0084BAD3(__eflags,  *0xae9ac0, 0);
                                                                                                                                                              								_push(_t18);
                                                                                                                                                              								goto L9;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							_t13 = 0;
                                                                                                                                                              							__eflags = 0;
                                                                                                                                                              							E0084BAD3(0,  *0xae9ac0, 0);
                                                                                                                                                              							_push(0);
                                                                                                                                                              							L9:
                                                                                                                                                              							E0084ACBE();
                                                                                                                                                              							goto L4;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t18 = E0084BA94(_t24, _t2);
                                                                                                                                                              					if(_t18 == 0) {
                                                                                                                                                              						_t2 =  *0xae9ac0; // 0x6
                                                                                                                                                              						goto L6;
                                                                                                                                                              					} else {
                                                                                                                                                              						if(_t18 != 0xffffffff) {
                                                                                                                                                              							L13:
                                                                                                                                                              							_t13 = _t18;
                                                                                                                                                              						} else {
                                                                                                                                                              							L3:
                                                                                                                                                              							_t13 = 0;
                                                                                                                                                              							L4:
                                                                                                                                                              							_t18 = _t13;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				SetLastError(_t21);
                                                                                                                                                              				asm("sbb edi, edi");
                                                                                                                                                              				return  ~_t18 & _t13;
                                                                                                                                                              			}










                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,0083D86F,0084A25C,00000000,?,0082EF1E,00000000,?,?,?,558DE045,004041F3,?,003810B8), ref: 0084B486
                                                                                                                                                              • _free.LIBCMT ref: 0084B4E3
                                                                                                                                                              • _free.LIBCMT ref: 0084B519
                                                                                                                                                              • SetLastError.KERNEL32(00000000,00000006,000000FF,?,0082EF1E,00000000,?,?,?,558DE045,004041F3,?,003810B8,?,?), ref: 0084B524
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast_free
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2283115069-0
                                                                                                                                                              • Opcode ID: 1422ecce2ff2e95b235c06c6422fd8793163f68f56eb967a3e4503434c72d2bb
                                                                                                                                                              • Instruction ID: ba7bc9bf7a4849f9268dd76554d2b22fae27330a295e552bbe5ee8b49dd8b782
                                                                                                                                                              • Opcode Fuzzy Hash: 1422ecce2ff2e95b235c06c6422fd8793163f68f56eb967a3e4503434c72d2bb
                                                                                                                                                              • Instruction Fuzzy Hash: 6B11C27220135C6A9A11E7FCACC1A2B255EFBC07B47290234F615CF1D2DF25CC029626
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 308 404ce0-404cfb GetHandleVerifier 309 404d01-404d05 308->309
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00404CE0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16) {
                                                                                                                                                              				intOrPtr* _t6;
                                                                                                                                                              
                                                                                                                                                              				_t3 =  &_a16; // 0x382ae9
                                                                                                                                                              				_t6 = E00505C80();
                                                                                                                                                              				return  *((intOrPtr*)( *_t6 + 4))(_a4, _a8, _a12,  *_t3);
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                              • GetHandleVerifier.CHROMEDRIVER(?,00000000,+G@,?,00382AE9,+G@,?,?,00000000,?,?,?,0040472B,?), ref: 00404CEF
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HandleVerifier
                                                                                                                                                              • String ID: +G@$*8
                                                                                                                                                              • API String ID: 3954843157-2025449034
                                                                                                                                                              • Opcode ID: 9041283508ced46c005ec5e474b3639aadae35b4abfca984d6ab9a96528a89fe
                                                                                                                                                              • Instruction ID: 6ae1df3501a524c8d138d7a1f5c24c068924ab575cd586ef80958eb9e04c981c
                                                                                                                                                              • Opcode Fuzzy Hash: 9041283508ced46c005ec5e474b3639aadae35b4abfca984d6ab9a96528a89fe
                                                                                                                                                              • Instruction Fuzzy Hash: 11D01776201219BF9B009E06EC88CABBF2DFFCA2A5B008162FD0857211C631AC11CAF0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 310 382ab0-382abb 311 382abd-382acd GetLastError 310->311 312 382af3-382af7 310->312 313 382afa-382b1e call 3ddcf0 call 404d10 call 404cc0 311->313 314 382acf-382ad5 311->314 313->314 315 382aec-382aed SetLastError 314->315 316 382ad7-382ae4 call 3ddcf0 call 404ce0 314->316 315->312 324 382ae9 316->324 324->315
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00382AB0(intOrPtr* __ecx, char _a4) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				void* _t5;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				intOrPtr _t12;
                                                                                                                                                              				long _t16;
                                                                                                                                                              				intOrPtr* _t17;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              
                                                                                                                                                              				_t1 =  &_a4; // 0x40472b
                                                                                                                                                              				_t12 =  *_t1;
                                                                                                                                                              				if( *__ecx != _t12) {
                                                                                                                                                              					_t17 = __ecx;
                                                                                                                                                              					_t16 = GetLastError();
                                                                                                                                                              					if( *_t17 + 1 >= 2) {
                                                                                                                                                              						E00404D10( *_t17, _t17, _v0, E003DDCF0());
                                                                                                                                                              						E00404CC0( *_t17);
                                                                                                                                                              						_t18 = _t18 + 0x14;
                                                                                                                                                              						 *_t17 = 0;
                                                                                                                                                              					}
                                                                                                                                                              					_t10 = _t12 + 1;
                                                                                                                                                              					if(_t10 >= 2) {
                                                                                                                                                              						 *_t17 = _t12;
                                                                                                                                                              						_t10 = E00404CE0(_t12, _t17, _v0, E003DDCF0()); // executed
                                                                                                                                                              					}
                                                                                                                                                              					SetLastError(_t16);
                                                                                                                                                              					return _t10;
                                                                                                                                                              				}
                                                                                                                                                              				return _t5;
                                                                                                                                                              			}











                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000000,?,0040472B,?), ref: 00382ABF
                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,?,0040472B,?), ref: 00382AED
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                              • String ID: +G@
                                                                                                                                                              • API String ID: 1452528299-46000193
                                                                                                                                                              • Opcode ID: fb623aec4642196f711070ab2a356a8995a764556e403585c071735189facfe9
                                                                                                                                                              • Instruction ID: b38f9dbeafd6a76e2d87aab80f68463e10110d096d7466aa52d9d3a8332caf96
                                                                                                                                                              • Opcode Fuzzy Hash: fb623aec4642196f711070ab2a356a8995a764556e403585c071735189facfe9
                                                                                                                                                              • Instruction Fuzzy Hash: A8F078B6000200EFEB227F21EC81EAB3B6DEF41314B10043EFA454A213DB7A9C10D7A4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 335 3d3ff0-3d4001 336 3d4056-3d405b 335->336 337 3d4003-3d4020 call 403a10 call 3d4150 335->337 340 3d4061-3d4062 336->340 337->340 346 3d4022-3d404a 337->346 342 3d4064-3d407f 340->342 344 3d408b-3d4090 342->344 345 3d4081-3d4088 342->345 347 3d40bc-3d40be 344->347 348 3d4092-3d4094 344->348 346->342 349 3d404c-3d4053 ReleaseSRWLockExclusive 346->349 350 3d4115-3d4116 347->350 351 3d40c0 347->351 352 3d410c-3d410d 348->352 353 3d4096-3d4098 348->353 349->336 356 3d4118-3d4119 350->356 351->356 357 3d40c2-3d40c4 351->357 354 3d410f-3d4110 352->354 353->354 355 3d409a-3d409c 353->355 359 3d4112-3d4113 354->359 358 3d409e-3d40a9 355->358 355->359 362 3d411b-3d411c 356->362 360 3d40e9-3d40eb 357->360 361 3d40c6-3d40d3 357->361 363 3d40ab-3d40b8 call 3d4bc0 358->363 359->350 360->362 366 3d40ed-3d40ef 360->366 364 3d40d6-3d40e4 call 3d4bc0 361->364 365 3d411e-3d4121 362->365 376 3d40ba 363->376 377 3d40e6 364->377 370 3d4130-3d4136 365->370 366->365 367 3d40f1 366->367 367->345 371 3d40f3-3d40f5 367->371 375 3d413c-3d4140 370->375 374 3d40f8-3d4105 call 3d4bc0 371->374 380 3d4107 374->380 376->345 377->360 380->345
                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                              			E003D3FF0(void* __edx, char _a4) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                              				signed int _t33;
                                                                                                                                                              				signed int _t34;
                                                                                                                                                              				intOrPtr _t40;
                                                                                                                                                              				signed int _t41;
                                                                                                                                                              				signed int _t43;
                                                                                                                                                              				signed int _t45;
                                                                                                                                                              				intOrPtr* _t46;
                                                                                                                                                              				intOrPtr* _t48;
                                                                                                                                                              				signed int _t56;
                                                                                                                                                              				signed int _t58;
                                                                                                                                                              				signed int _t62;
                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                              				void* _t69;
                                                                                                                                                              				char* _t71;
                                                                                                                                                              				intOrPtr* _t73;
                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                              				void* _t76;
                                                                                                                                                              				void* _t80;
                                                                                                                                                              				void* _t84;
                                                                                                                                                              
                                                                                                                                                              				_t66 =  *0xaeb8a0; // 0x0
                                                                                                                                                              				_t71 =  &_a4;
                                                                                                                                                              				if(_t66 == 0) {
                                                                                                                                                              					L4:
                                                                                                                                                              					_t46 = _t71;
                                                                                                                                                              					_pop(_t78);
                                                                                                                                                              					_t29 =  *_t46;
                                                                                                                                                              					if(_t29 != 0) {
                                                                                                                                                              						asm("lock dec dword [eax]");
                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                              							goto L37;
                                                                                                                                                              						} else {
                                                                                                                                                              							return  *((intOrPtr*)(_t29 + 8))(_t29);
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						L37:
                                                                                                                                                              						return _t29;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					L00403A10(_t66, __edx);
                                                                                                                                                              					_t40 =  *0xaeb8a0; // 0x0
                                                                                                                                                              					_t2 = _t40 + 4; // 0x4
                                                                                                                                                              					_t48 = _t2;
                                                                                                                                                              					E003D4150(_t48, 1);
                                                                                                                                                              					_t33 =  *(_t40 + 0x10);
                                                                                                                                                              					if( *((intOrPtr*)(_t40 + 8)) < _t33) {
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						asm("ud2");
                                                                                                                                                              						goto L6;
                                                                                                                                                              					} else {
                                                                                                                                                              						 *((intOrPtr*)( *((intOrPtr*)(_t40 + 4)) + _t33 * 4)) =  *_t71;
                                                                                                                                                              						_t33 = 0;
                                                                                                                                                              						 *_t71 = 0;
                                                                                                                                                              						_t48 =  *((intOrPtr*)(_t40 + 8));
                                                                                                                                                              						_t71 = _t48 - 1;
                                                                                                                                                              						_t62 =  ==  ? 0 :  *(_t40 + 0x10) + 1;
                                                                                                                                                              						 *(_t40 + 0x10) = _t62;
                                                                                                                                                              						_t63 =  ==  ? _t48 : _t62;
                                                                                                                                                              						_t64 = ( ==  ? _t48 : _t62) - 1;
                                                                                                                                                              						_t92 = _t48 - ( ==  ? _t48 : _t62) - 1;
                                                                                                                                                              						if(_t48 < ( ==  ? _t48 : _t62) - 1) {
                                                                                                                                                              							L6:
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("ud2");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							asm("int3");
                                                                                                                                                              							_t80 = _t84;
                                                                                                                                                              							_push(_t40);
                                                                                                                                                              							_push(_t66);
                                                                                                                                                              							_push(_t71);
                                                                                                                                                              							_push(_t33);
                                                                                                                                                              							_t41 = _v8;
                                                                                                                                                              							_t34 = _v12;
                                                                                                                                                              							__eflags = _t41 - _t34;
                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                              								_t56 =  *(_t48 + 4);
                                                                                                                                                              								_t73 = _t48;
                                                                                                                                                              								if(__eflags <= 0) {
                                                                                                                                                              									__eflags = _t56 - _t34;
                                                                                                                                                              									if(__eflags < 0) {
                                                                                                                                                              										goto L31;
                                                                                                                                                              									} else {
                                                                                                                                                              										if(__eflags < 0) {
                                                                                                                                                              											goto L32;
                                                                                                                                                              										} else {
                                                                                                                                                              											__eflags = _t56 - _t34;
                                                                                                                                                              											if(_t56 != _t34) {
                                                                                                                                                              												_t69 =  *_t73 + _t34 * 4;
                                                                                                                                                              												_t58 = (_t56 << 2) - (_t34 << 2);
                                                                                                                                                              												__eflags = _t58;
                                                                                                                                                              												_v24 = _t58;
                                                                                                                                                              												do {
                                                                                                                                                              													L36();
                                                                                                                                                              													_t69 = _t69 + 4;
                                                                                                                                                              													_t22 =  &_v24;
                                                                                                                                                              													 *_t22 = _v24 + 0xfffffffc;
                                                                                                                                                              													__eflags =  *_t22;
                                                                                                                                                              												} while ( *_t22 != 0);
                                                                                                                                                              												_t34 =  *(_t73 + 4);
                                                                                                                                                              											}
                                                                                                                                                              											__eflags = _t34 - _t41;
                                                                                                                                                              											if(_t34 < _t41) {
                                                                                                                                                              												goto L33;
                                                                                                                                                              											} else {
                                                                                                                                                              												__eflags = _t41;
                                                                                                                                                              												if(__eflags < 0) {
                                                                                                                                                              													goto L34;
                                                                                                                                                              												} else {
                                                                                                                                                              													if(__eflags != 0) {
                                                                                                                                                              														_t75 =  *_t73;
                                                                                                                                                              														_t43 = _t41 << 2;
                                                                                                                                                              														__eflags = _t43;
                                                                                                                                                              														do {
                                                                                                                                                              															L36();
                                                                                                                                                              															_t75 = _t75 + 4;
                                                                                                                                                              															_t43 = _t43 + 0xfffffffc;
                                                                                                                                                              															__eflags = _t43;
                                                                                                                                                              														} while (_t43 != 0);
                                                                                                                                                              													}
                                                                                                                                                              													goto L8;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									__eflags = _t56 - _t41;
                                                                                                                                                              									if(_t56 < _t41) {
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										asm("ud2");
                                                                                                                                                              										goto L29;
                                                                                                                                                              									} else {
                                                                                                                                                              										__eflags = _t56 - _t34;
                                                                                                                                                              										if(_t56 < _t34) {
                                                                                                                                                              											L29:
                                                                                                                                                              											asm("int3");
                                                                                                                                                              											asm("ud2");
                                                                                                                                                              											goto L30;
                                                                                                                                                              										} else {
                                                                                                                                                              											__eflags = _t34 - _t41;
                                                                                                                                                              											if(_t34 > _t41) {
                                                                                                                                                              												L30:
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("ud2");
                                                                                                                                                              												L31:
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("ud2");
                                                                                                                                                              												L32:
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("ud2");
                                                                                                                                                              												L33:
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("ud2");
                                                                                                                                                              												L34:
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("ud2");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												asm("int3");
                                                                                                                                                              												_t26 = _v32 + 0x14; // 0xcccccccc, executed
                                                                                                                                                              												return  *((intOrPtr*)(_v32 + 0x10))( *_t26, _t80);
                                                                                                                                                              											} else {
                                                                                                                                                              												_t76 =  *_t73 + _t34 * 4;
                                                                                                                                                              												_t34 = _t34 << 2;
                                                                                                                                                              												_t45 = (_t41 << 2) - _t34;
                                                                                                                                                              												__eflags = _t45;
                                                                                                                                                              												do {
                                                                                                                                                              													L36();
                                                                                                                                                              													_t76 = _t76 + 4;
                                                                                                                                                              													_t45 = _t45 + 0xfffffffc;
                                                                                                                                                              													__eflags = _t45;
                                                                                                                                                              												} while (_t45 != 0);
                                                                                                                                                              												goto L8;
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								L8:
                                                                                                                                                              								return _t34;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							__imp__ReleaseSRWLockExclusive(_t66);
                                                                                                                                                              							_t71 =  &_a4;
                                                                                                                                                              							goto L4;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • ReleaseSRWLockExclusive.KERNEL32(00000000,00000001,00000000,?,00000000,?,003D3FD4,003D4130,001F41B0,00000000,?,?), ref: 003D404D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExclusiveLockRelease
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1766480654-0
                                                                                                                                                              • Opcode ID: 10d380427bf46b3f1e292b9677377c984d86bc35e6fe0034ef625ad382e9ed1d
                                                                                                                                                              • Instruction ID: c13f607fa22d387d6ecd67c51fbb5b4c9eaf7117c260cfc36cd693d498f12851
                                                                                                                                                              • Opcode Fuzzy Hash: 10d380427bf46b3f1e292b9677377c984d86bc35e6fe0034ef625ad382e9ed1d
                                                                                                                                                              • Instruction Fuzzy Hash: 54412573B002154FCB15CE68F8C042AB3ABFBE43147148A2ADA558F745E731ED46C790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 381 1f2510-1f2532 call 848580 384 1f258d-1f25c7 call 3ce600 381->384 385 1f2534-1f2537 381->385 393 1f25cd-1f25d3 384->393 394 1f2677-1f2692 call 1f2800 call 82cc31 384->394 387 1f2539-1f2540 385->387 388 1f2544-1f2550 call 82cb74 385->388 390 1f256e-1f257a call 830360 387->390 391 1f2542 387->391 396 1f2555-1f256b 388->396 395 1f257d-1f258a 390->395 391->395 398 1f25df-1f25ed 393->398 399 1f25d5-1f25dc call 3b07e0 393->399 396->390 403 1f25ef-1f2626 call 3b0920 call 3c92d0 call 3b41a0 398->403 404 1f2629-1f2660 call 1f26a0 398->404 399->398 403->404 404->394 413 1f2662-1f2672 call 3b25c0 404->413 413->394
                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                              			E001F2510(void* __eax, intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                              				intOrPtr* _v12;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				signed int _v36;
                                                                                                                                                              				char _v37;
                                                                                                                                                              				intOrPtr* _v44;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				char _t50;
                                                                                                                                                              				signed int _t52;
                                                                                                                                                              				intOrPtr* _t68;
                                                                                                                                                              				intOrPtr* _t73;
                                                                                                                                                              				intOrPtr _t76;
                                                                                                                                                              				intOrPtr _t77;
                                                                                                                                                              				signed int _t81;
                                                                                                                                                              				signed int _t82;
                                                                                                                                                              				void* _t103;
                                                                                                                                                              				signed int* _t104;
                                                                                                                                                              				signed int _t105;
                                                                                                                                                              				intOrPtr* _t106;
                                                                                                                                                              				intOrPtr* _t107;
                                                                                                                                                              				intOrPtr* _t108;
                                                                                                                                                              				signed int _t110;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              				signed int _t112;
                                                                                                                                                              				void* _t113;
                                                                                                                                                              
                                                                                                                                                              				_t76 = _a4;
                                                                                                                                                              				_t107 = __ecx;
                                                                                                                                                              				 *((intOrPtr*)(__ecx + 4)) = 0;
                                                                                                                                                              				 *__ecx = 0;
                                                                                                                                                              				 *((intOrPtr*)(__ecx + 8)) = 0;
                                                                                                                                                              				_t50 = E00848580(_t76);
                                                                                                                                                              				_t112 = _t111 + 4;
                                                                                                                                                              				if(_t50 >= 0xfffffff0) {
                                                                                                                                                              					E003CE600(_t76, _t103, _t107, __eflags);
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					_t110 = _t112;
                                                                                                                                                              					_push(_t76);
                                                                                                                                                              					_push(_t103);
                                                                                                                                                              					_push(_t107);
                                                                                                                                                              					_t113 = _t112 - 0x14;
                                                                                                                                                              					_t52 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              					_t108 = _v12;
                                                                                                                                                              					_v36 = _t52 ^ _t110;
                                                                                                                                                              					_v48 = 0;
                                                                                                                                                              					_v44 = _t108;
                                                                                                                                                              					_t104 =  *( *_t108 + 4);
                                                                                                                                                              					__eflags =  *(_t108 +  &(_t104[4]));
                                                                                                                                                              					if( *(_t108 +  &(_t104[4])) == 0) {
                                                                                                                                                              						_t89 =  *(_t108 +  &(_t104[0x12]));
                                                                                                                                                              						__eflags =  *(_t108 +  &(_t104[0x12]));
                                                                                                                                                              						if( *(_t108 +  &(_t104[0x12])) != 0) {
                                                                                                                                                              							E003B07E0(_t89);
                                                                                                                                                              							_t104 =  *( *_t108 + 4);
                                                                                                                                                              						}
                                                                                                                                                              						_v36 = 1;
                                                                                                                                                              						_t77 = _a8;
                                                                                                                                                              						_t58 =  *((intOrPtr*)(_t108 +  &(_t104[0x13])));
                                                                                                                                                              						__eflags = _t58 - 0xffffffff;
                                                                                                                                                              						if(_t58 == 0xffffffff) {
                                                                                                                                                              							_t105 = _t104 + _t108;
                                                                                                                                                              							__eflags = _t105;
                                                                                                                                                              							E003B0920(_t105,  &_v28);
                                                                                                                                                              							_t68 = E003C92D0(_t77,  &_v28, _t105, _t108, 0xaeb200);
                                                                                                                                                              							_v37 =  *((intOrPtr*)( *_t68 + 0x1c))(0x20);
                                                                                                                                                              							E003B41A0( &_v28);
                                                                                                                                                              							_t58 = _v37;
                                                                                                                                                              							 *((intOrPtr*)(_t105 + 0x4c)) = _v37;
                                                                                                                                                              							_t104 =  *( *_t108 + 4);
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = (0x000000b0 &  *(_t108 +  &(_t104[1]))) - 0x20;
                                                                                                                                                              						_t97 =  ==  ? _t77 + _a4 : _a4;
                                                                                                                                                              						_t104 =  &_v28;
                                                                                                                                                              						E001F26A0(_t104,  *((intOrPtr*)(_t108 +  &(_t104[6]))), _a4,  ==  ? _t77 + _a4 : _a4, _t77 + _a4, _t108 + _t104, _t58);
                                                                                                                                                              						_t113 = _t113 + 0x1c;
                                                                                                                                                              						__eflags =  *_t104;
                                                                                                                                                              						if( *_t104 == 0) {
                                                                                                                                                              							__eflags =  *(_t108 +  &(( *( *_t108 + 4))[4])) | 0x00000005;
                                                                                                                                                              							E003B25C0(_t108 +  *( *_t108 + 4), _t104, _t108,  *(_t108 +  &(( *( *_t108 + 4))[4])) | 0x00000005);
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					E001F2800( &_v36, _t104);
                                                                                                                                                              					__eflags = _v24 ^ _t110;
                                                                                                                                                              					L0082CC31(_v24 ^ _t110, _t97, _t104, _t108);
                                                                                                                                                              					return _t108;
                                                                                                                                                              				} else {
                                                                                                                                                              					if(_t50 >= 0xb) {
                                                                                                                                                              						_t81 = _t50 + 0x00000010 & 0xfffffff0;
                                                                                                                                                              						_push(_t81);
                                                                                                                                                              						_v20 = _t50;
                                                                                                                                                              						_t73 = E0082CB74(); // executed
                                                                                                                                                              						_t112 = _t112 + 4;
                                                                                                                                                              						_t106 = _t73;
                                                                                                                                                              						_t50 = _v20;
                                                                                                                                                              						_t82 = _t81 | 0x80000000;
                                                                                                                                                              						__eflags = _t82;
                                                                                                                                                              						 *_t107 = _t106;
                                                                                                                                                              						 *(_t107 + 8) = _t82;
                                                                                                                                                              						_t76 = _a4;
                                                                                                                                                              						 *((intOrPtr*)(_t107 + 4)) = _t50;
                                                                                                                                                              						goto L5;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t106 = _t107;
                                                                                                                                                              						 *((char*)(_t107 + 0xb)) = _t50;
                                                                                                                                                              						if(_t50 != 0) {
                                                                                                                                                              							L5:
                                                                                                                                                              							E00830360(_t106, _t76, _t50);
                                                                                                                                                              							_t112 = _t112 + 0xc;
                                                                                                                                                              						} else {
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					 *((char*)(_t106 + _t50)) = 0;
                                                                                                                                                              					return _t107;
                                                                                                                                                              				}
                                                                                                                                                              			}

































                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _strlen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4218353326-0
                                                                                                                                                              • Opcode ID: f8c089f0f63804d562edf7ba2e3879e1aefaec755f2065e8a4ed38697d4cf24c
                                                                                                                                                              • Instruction ID: 14edee1ea482eda0c08d3671a4a674a20b8d7285210f34e776ead0b50df958f5
                                                                                                                                                              • Opcode Fuzzy Hash: f8c089f0f63804d562edf7ba2e3879e1aefaec755f2065e8a4ed38697d4cf24c
                                                                                                                                                              • Instruction Fuzzy Hash: 324190B0A002099FDB10DF68D881ABFB7E9EF98324F144519E959DB352D731ED01CBA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 420 84ac61-84ac6c 421 84ac6e-84ac78 420->421 422 84ac7a-84ac80 420->422 421->422 423 84acae-84acb9 call 83d86a 421->423 424 84ac82-84ac83 422->424 425 84ac99-84acaa RtlAllocateHeap 422->425 430 84acbb-84acbd 423->430 424->425 426 84ac85-84ac8c call 404d70 425->426 427 84acac 425->427 426->423 433 84ac8e-84ac97 call 83b006 426->433 427->430 433->423 433->425
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0084AC61(signed int _a4, signed int _a8) {
                                                                                                                                                              				void* _t8;
                                                                                                                                                              				signed int _t13;
                                                                                                                                                              				signed int _t18;
                                                                                                                                                              				long _t19;
                                                                                                                                                              
                                                                                                                                                              				_t18 = _a4;
                                                                                                                                                              				if(_t18 == 0) {
                                                                                                                                                              					L2:
                                                                                                                                                              					_t19 = _t18 * _a8;
                                                                                                                                                              					if(_t19 == 0) {
                                                                                                                                                              						_t19 = _t19 + 1;
                                                                                                                                                              					}
                                                                                                                                                              					while(1) {
                                                                                                                                                              						_t8 = RtlAllocateHeap( *0xaf1ba0, 8, _t19); // executed
                                                                                                                                                              						if(_t8 != 0) {
                                                                                                                                                              							break;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = E00404D70();
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							L8:
                                                                                                                                                              							 *((intOrPtr*)(E0083D86A(__eflags))) = 0xc;
                                                                                                                                                              							__eflags = 0;
                                                                                                                                                              							return 0;
                                                                                                                                                              						}
                                                                                                                                                              						__eflags = E0083B006(__eflags, _t19);
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							goto L8;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					return _t8;
                                                                                                                                                              				}
                                                                                                                                                              				_t13 = 0xffffffe0;
                                                                                                                                                              				if(_t13 / _t18 < _a8) {
                                                                                                                                                              					goto L8;
                                                                                                                                                              				}
                                                                                                                                                              				goto L2;
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,003810B8,00000000,?,0084B4CC,00000001,00000364,00000006,000000FF,?,0082EF1E,00000000,?,?,?,558DE045), ref: 0084ACA2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: ea763fbe03b51792cf0621e131e068565ad9b147abc08a0c161bdff92b0e946b
                                                                                                                                                              • Instruction ID: 675f000b7870c8b2b55d3aaf1a739e188e777851ade9ca352831e92ce86bc860
                                                                                                                                                              • Opcode Fuzzy Hash: ea763fbe03b51792cf0621e131e068565ad9b147abc08a0c161bdff92b0e946b
                                                                                                                                                              • Instruction Fuzzy Hash: 27F0BE3168463CABDFBA5B669D85B6A374DFF807A0F154021E904EE190DA31D80182E2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 436 84ce28-84ce34 437 84ce66-84ce71 call 83d86a 436->437 438 84ce36-84ce38 436->438 445 84ce73-84ce75 437->445 440 84ce51-84ce62 RtlAllocateHeap 438->440 441 84ce3a-84ce3b 438->441 442 84ce64 440->442 443 84ce3d-84ce44 call 404d70 440->443 441->440 442->445 443->437 448 84ce46-84ce4f call 83b006 443->448 448->437 448->440
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0084CE28(long _a4) {
                                                                                                                                                              				void* _t4;
                                                                                                                                                              				long _t8;
                                                                                                                                                              
                                                                                                                                                              				_t8 = _a4;
                                                                                                                                                              				if(_t8 > 0xffffffe0) {
                                                                                                                                                              					L7:
                                                                                                                                                              					 *((intOrPtr*)(E0083D86A(__eflags))) = 0xc;
                                                                                                                                                              					__eflags = 0;
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				if(_t8 == 0) {
                                                                                                                                                              					_t8 = _t8 + 1;
                                                                                                                                                              				}
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t4 = RtlAllocateHeap( *0xaf1ba0, 0, _t8); // executed
                                                                                                                                                              					if(_t4 != 0) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = E00404D70();
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						goto L7;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = E0083B006(__eflags, _t8);
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						goto L7;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return _t4;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,4D88C033,4D88C033,?,0084C81E,00000220,0083F839,4D88C033,?,?,?,?,?,?,?,0083F839), ref: 0084CE5A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: 5465422d3c0ee1d651a580ade0dd256a7a5126cfb260a411c31908533f119076
                                                                                                                                                              • Instruction ID: 32b60501a6ede54031e62be54fc506a0662867be348ecf1e231c4674d67055e7
                                                                                                                                                              • Opcode Fuzzy Hash: 5465422d3c0ee1d651a580ade0dd256a7a5126cfb260a411c31908533f119076
                                                                                                                                                              • Instruction Fuzzy Hash: 8CE0ED31723229DAEAB12BAADC00B5BB64CFF81BE0F010121EE04D60D0DB30ED0182E9
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 451 3ced50-3ced67 call 848580 call 3cec10 455 3ced6c-3ced6f 451->455
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E003CED50(void* __ebx, void* __ecx, intOrPtr _a4) {
                                                                                                                                                              				void* _t3;
                                                                                                                                                              				void* _t8;
                                                                                                                                                              
                                                                                                                                                              				_t7 = _a4;
                                                                                                                                                              				_t8 = __ecx;
                                                                                                                                                              				_t3 = L003CEC10(__ebx, _t8, _t7, E00848580(_a4)); // executed
                                                                                                                                                              				return _t3;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _strlen
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4218353326-0
                                                                                                                                                              • Opcode ID: 637b5ebd0f166256ae0ba851fdb477517b000bd19364514009a3ae5919aa8b83
                                                                                                                                                              • Instruction ID: cf2613df165e0174b8a19ba63390d40fa3bbd3b189844f4b7f705886888effce
                                                                                                                                                              • Opcode Fuzzy Hash: 637b5ebd0f166256ae0ba851fdb477517b000bd19364514009a3ae5919aa8b83
                                                                                                                                                              • Instruction Fuzzy Hash: B4C012A7600118375511714AAC06CBF7A1CC5D2A70705403BF90487201E9616C6192F6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 456 404cc0-404cd0 GetHandleVerifier 457 404cd3-404cd5 456->457
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00404CC0(intOrPtr _a4) {
                                                                                                                                                              				intOrPtr* _t2;
                                                                                                                                                              				void* _t3;
                                                                                                                                                              
                                                                                                                                                              				_t2 = E00505C80();
                                                                                                                                                              				_t3 =  *((intOrPtr*)( *_t2))(_a4); // executed
                                                                                                                                                              				return _t3;
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • GetHandleVerifier.CHROMEDRIVER(?,?,004047C8,?), ref: 00404CC7
Memory Dump Source
• Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HandleVerifier
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3954843157-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 458 3f2a30-3f2a49 TlsGetValue 459 3f2a5f-3f2a61 458->459 460 3f2a4b-3f2a55 458->460 461 3f2a59-3f2a5c 459->461 462 3f2a63-3f2a68 call 3f2820 459->462 460->461 462->460
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E003F2A30(signed int* __ecx, intOrPtr _a4) {
                                                                                                                                                              				signed int _t9;
                                                                                                                                                              				void* _t10;
                                                                                                                                                              				intOrPtr _t15;
                                                                                                                                                              				signed int* _t16;
                                                                                                                                                              
                                                                                                                                                              				_t15 = _a4;
                                                                                                                                                              				_t16 = __ecx;
                                                                                                                                                              				_t9 = TlsGetValue( *0xae82a0) & 0xfffffffc;
                                                                                                                                                              				if(_t9 != 0) {
                                                                                                                                                              					L1:
                                                                                                                                                              					 *((intOrPtr*)(_t9 +  *_t16 * 8)) = _t15;
                                                                                                                                                              					_t4 =  &(_t16[1]); // 0x0
                                                                                                                                                              					 *(_t9 + 4 +  *_t16 * 8) =  *_t4;
                                                                                                                                                              					return _t9;
                                                                                                                                                              				}
                                                                                                                                                              				if(_t15 != 0) {
                                                                                                                                                              					_t9 = E003F2820(_t10); // executed
                                                                                                                                                              					goto L1;
                                                                                                                                                              				}
                                                                                                                                                              				return _t9;
                                                                                                                                                              			}








                                                                                                                                                              APIs
                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,00505316,?,004041F3,?,?,?,?,?,-00000001,7FFFFFFF,-00000001,?,004041F3), ref: 003F2A40
Memory Dump Source
• Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Value
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E0084FFB7(void* __ecx, signed int _a4, intOrPtr _a8) {
                                                                                                                                                              				short _v8;
                                                                                                                                                              				short _t17;
                                                                                                                                                              				signed int _t18;
                                                                                                                                                              				signed int _t23;
                                                                                                                                                              				signed int _t25;
                                                                                                                                                              				signed int _t26;
                                                                                                                                                              				signed int _t27;
                                                                                                                                                              				void* _t30;
                                                                                                                                                              				void* _t31;
                                                                                                                                                              				intOrPtr _t32;
                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                              				intOrPtr* _t36;
                                                                                                                                                              				intOrPtr* _t37;
                                                                                                                                                              
                                                                                                                                                              				_push(__ecx);
                                                                                                                                                              				_t23 = _a4;
                                                                                                                                                              				if(_t23 == 0) {
                                                                                                                                                              					L21:
                                                                                                                                                              					if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_v8, 2) != 0) {
                                                                                                                                                              						_t17 = _v8;
                                                                                                                                                              						if(_t17 == 0) {
                                                                                                                                                              							_t17 = GetACP();
                                                                                                                                                              						}
                                                                                                                                                              						L25:
                                                                                                                                                              						return _t17;
                                                                                                                                                              					}
                                                                                                                                                              					L22:
                                                                                                                                                              					_t17 = 0;
                                                                                                                                                              					goto L25;
                                                                                                                                                              				}
                                                                                                                                                              				_t18 = 0;
                                                                                                                                                              				if( *_t23 == 0) {
                                                                                                                                                              					goto L21;
                                                                                                                                                              				}
                                                                                                                                                              				_t36 = L"ACP";
                                                                                                                                                              				_t25 = _t23;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t30 =  *_t25;
                                                                                                                                                              					if(_t30 !=  *_t36) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					if(_t30 == 0) {
                                                                                                                                                              						L7:
                                                                                                                                                              						_t26 = _t18;
                                                                                                                                                              						L9:
                                                                                                                                                              						if(_t26 == 0) {
                                                                                                                                                              							goto L21;
                                                                                                                                                              						}
                                                                                                                                                              						_t37 = L"OCP";
                                                                                                                                                              						_t27 = _t23;
                                                                                                                                                              						while(1) {
                                                                                                                                                              							_t31 =  *_t27;
                                                                                                                                                              							if(_t31 !=  *_t37) {
                                                                                                                                                              								break;
                                                                                                                                                              							}
                                                                                                                                                              							if(_t31 == 0) {
                                                                                                                                                              								L17:
                                                                                                                                                              								if(_t18 != 0) {
                                                                                                                                                              									_t17 = E0084549A(_t23, _t23);
                                                                                                                                                              									goto L25;
                                                                                                                                                              								}
                                                                                                                                                              								if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_v8, 2) == 0) {
                                                                                                                                                              									goto L22;
                                                                                                                                                              								}
                                                                                                                                                              								_t17 = _v8;
                                                                                                                                                              								goto L25;
                                                                                                                                                              							}
                                                                                                                                                              							_t32 =  *((intOrPtr*)(_t27 + 2));
                                                                                                                                                              							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
                                                                                                                                                              								break;
                                                                                                                                                              							}
                                                                                                                                                              							_t27 = _t27 + 4;
                                                                                                                                                              							_t37 = _t37 + 4;
                                                                                                                                                              							if(_t32 != 0) {
                                                                                                                                                              								continue;
                                                                                                                                                              							}
                                                                                                                                                              							goto L17;
                                                                                                                                                              						}
                                                                                                                                                              						asm("sbb eax, eax");
                                                                                                                                                              						_t18 = _t18 | 0x00000001;
                                                                                                                                                              						goto L17;
                                                                                                                                                              					}
                                                                                                                                                              					_t33 =  *((intOrPtr*)(_t25 + 2));
                                                                                                                                                              					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t25 = _t25 + 4;
                                                                                                                                                              					_t36 = _t36 + 4;
                                                                                                                                                              					if(_t33 != 0) {
                                                                                                                                                              						continue;
                                                                                                                                                              					}
                                                                                                                                                              					goto L7;
                                                                                                                                                              				}
                                                                                                                                                              				asm("sbb edx, edx");
                                                                                                                                                              				_t26 = _t25 | 0x00000001;
                                                                                                                                                              				goto L9;
                                                                                                                                                              			}

















                                                                                                                                                              APIs
                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,0084F986,?,?), ref: 00850050
                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,0084F986,?,?), ref: 00850079
                                                                                                                                                              • GetACP.KERNEL32(?,?,0084F986,?,?), ref: 0085008E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                              • String ID: ACP$OCP
                                                                                                                                                              • API String ID: 2299586839-711371036
                                                                                                                                                              • Opcode ID: 177268fb23dd01f77a6a75299ea9d81845769b3e4b63e12b953817648dfc715a
                                                                                                                                                              • Instruction ID: bcd639ff235c38a1ebd85063295b8c5b49f978a44af36ea968b36c2812a986a9
                                                                                                                                                              • Opcode Fuzzy Hash: 177268fb23dd01f77a6a75299ea9d81845769b3e4b63e12b953817648dfc715a
                                                                                                                                                              • Instruction Fuzzy Hash: 4321C822A00504EBEB34CF65C901B9773A7FF54B56B968428ED0AD7191E732DD49CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                              			E0084F83D(void* __ebx, void* __ecx, void* __edx, void* __eflags, signed short _a4, short* _a8, short* _a12) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				int _v12;
                                                                                                                                                              				int _v16;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				signed short* _v24;
                                                                                                                                                              				short* _v28;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				void* __ebp;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				signed short* _t46;
                                                                                                                                                              				signed short _t47;
                                                                                                                                                              				short* _t48;
                                                                                                                                                              				int _t49;
                                                                                                                                                              				short* _t55;
                                                                                                                                                              				short* _t56;
                                                                                                                                                              				short* _t57;
                                                                                                                                                              				int _t65;
                                                                                                                                                              				int _t67;
                                                                                                                                                              				short* _t71;
                                                                                                                                                              				intOrPtr _t74;
                                                                                                                                                              				void* _t76;
                                                                                                                                                              				short* _t77;
                                                                                                                                                              				intOrPtr _t84;
                                                                                                                                                              				short* _t88;
                                                                                                                                                              				short* _t91;
                                                                                                                                                              				short** _t101;
                                                                                                                                                              				short* _t102;
                                                                                                                                                              				signed short _t103;
                                                                                                                                                              				signed int _t106;
                                                                                                                                                              				void* _t107;
                                                                                                                                                              
                                                                                                                                                              				_t39 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              				_v8 = _t39 ^ _t106;
                                                                                                                                                              				_t88 = _a12;
                                                                                                                                                              				_t103 = _a4;
                                                                                                                                                              				_v28 = _a8;
                                                                                                                                                              				_v24 = E0084B32A(__ecx, __edx) + 0x50;
                                                                                                                                                              				asm("stosd");
                                                                                                                                                              				asm("stosd");
                                                                                                                                                              				asm("stosd");
                                                                                                                                                              				_t45 = E0084B32A(__ecx, __edx);
                                                                                                                                                              				_t99 = 0;
                                                                                                                                                              				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
                                                                                                                                                              				_t91 = _t103 + 0x80;
                                                                                                                                                              				_t46 = _v24;
                                                                                                                                                              				 *_t46 = _t103;
                                                                                                                                                              				_t101 =  &(_t46[2]);
                                                                                                                                                              				 *_t101 = _t91;
                                                                                                                                                              				if(_t91 != 0 &&  *_t91 != 0) {
                                                                                                                                                              					_t84 =  *0xacd134; // 0x17
                                                                                                                                                              					E0084FA32(_t91, 0, 0xacd020, _t84 - 1, _t101);
                                                                                                                                                              					_t46 = _v24;
                                                                                                                                                              					_t107 = _t107 + 0xc;
                                                                                                                                                              					_t99 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				_v20 = _t99;
                                                                                                                                                              				_t47 =  *_t46;
                                                                                                                                                              				if(_t47 == 0 ||  *_t47 == _t99) {
                                                                                                                                                              					_t48 =  *_t101;
                                                                                                                                                              					__eflags = _t48;
                                                                                                                                                              					if(_t48 == 0) {
                                                                                                                                                              						L19:
                                                                                                                                                              						_v20 = 0x104;
                                                                                                                                                              						_t49 = GetUserDefaultLCID();
                                                                                                                                                              						_v12 = _t49;
                                                                                                                                                              						_v16 = _t49;
                                                                                                                                                              						goto L20;
                                                                                                                                                              					}
                                                                                                                                                              					__eflags =  *_t48 - _t99;
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						goto L19;
                                                                                                                                                              					}
                                                                                                                                                              					E0084FEC5(_t91, _t99, __eflags,  &_v20);
                                                                                                                                                              					_pop(_t91);
                                                                                                                                                              					goto L20;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t71 =  *_t101;
                                                                                                                                                              					if(_t71 == 0) {
                                                                                                                                                              						L8:
                                                                                                                                                              						E0084FD83(_t91, _t99, __eflags,  &_v20);
                                                                                                                                                              						L9:
                                                                                                                                                              						_pop(_t91);
                                                                                                                                                              						if(_v20 != 0) {
                                                                                                                                                              							_t102 = 0;
                                                                                                                                                              							__eflags = 0;
                                                                                                                                                              							L25:
                                                                                                                                                              							asm("sbb esi, esi");
                                                                                                                                                              							_t103 = E0084FFB7(_t91,  ~_t103 & _t103 + 0x00000100,  &_v20);
                                                                                                                                                              							__eflags = _t103;
                                                                                                                                                              							if(_t103 == 0) {
                                                                                                                                                              								L22:
                                                                                                                                                              								L23:
                                                                                                                                                              								return L0082CC31(_v8 ^ _t106, _t99, _t102, _t103);
                                                                                                                                                              							}
                                                                                                                                                              							_t55 = IsValidCodePage(_t103 & 0x0000ffff);
                                                                                                                                                              							__eflags = _t55;
                                                                                                                                                              							if(_t55 == 0) {
                                                                                                                                                              								goto L22;
                                                                                                                                                              							}
                                                                                                                                                              							_t56 = IsValidLocale(_v16, 1);
                                                                                                                                                              							__eflags = _t56;
                                                                                                                                                              							if(_t56 == 0) {
                                                                                                                                                              								goto L22;
                                                                                                                                                              							}
                                                                                                                                                              							_t57 = _v28;
                                                                                                                                                              							__eflags = _t57;
                                                                                                                                                              							if(_t57 != 0) {
                                                                                                                                                              								 *_t57 = _t103;
                                                                                                                                                              							}
                                                                                                                                                              							E0084BD4B(_v16,  &(_v24[0x128]), 0x55, _t102);
                                                                                                                                                              							__eflags = _t88;
                                                                                                                                                              							if(_t88 == 0) {
                                                                                                                                                              								L34:
                                                                                                                                                              								goto L23;
                                                                                                                                                              							}
                                                                                                                                                              							E0084BD4B(_v16,  &(_t88[0x90]), 0x55, _t102);
                                                                                                                                                              							_t65 = GetLocaleInfoW(_v16, 0x1001, _t88, 0x40);
                                                                                                                                                              							__eflags = _t65;
                                                                                                                                                              							if(_t65 == 0) {
                                                                                                                                                              								goto L22;
                                                                                                                                                              							}
                                                                                                                                                              							_t67 = GetLocaleInfoW(_v12, 0x1002,  &(_t88[0x40]), 0x40);
                                                                                                                                                              							__eflags = _t67;
                                                                                                                                                              							if(_t67 == 0) {
                                                                                                                                                              								goto L22;
                                                                                                                                                              							}
                                                                                                                                                              							E0083F947( &(_t88[0x80]), _t103,  &(_t88[0x80]), 0x10, 0xa);
                                                                                                                                                              							goto L34;
                                                                                                                                                              						}
                                                                                                                                                              						_t74 =  *0xacd01c; // 0x41
                                                                                                                                                              						_t76 = E0084FA32(_t91, _t99, 0xaccd10, _t74 - 1, _v24);
                                                                                                                                                              						_t107 = _t107 + 0xc;
                                                                                                                                                              						if(_t76 == 0) {
                                                                                                                                                              							L20:
                                                                                                                                                              							_t102 = 0;
                                                                                                                                                              							__eflags = 0;
                                                                                                                                                              							L21:
                                                                                                                                                              							if(_v20 != 0) {
                                                                                                                                                              								goto L25;
                                                                                                                                                              							}
                                                                                                                                                              							goto L22;
                                                                                                                                                              						}
                                                                                                                                                              						_t77 =  *_t101;
                                                                                                                                                              						_t102 = 0;
                                                                                                                                                              						if(_t77 == 0) {
                                                                                                                                                              							L14:
                                                                                                                                                              							E0084FD83(_t91, _t99, __eflags,  &_v20);
                                                                                                                                                              							L15:
                                                                                                                                                              							_pop(_t91);
                                                                                                                                                              							goto L21;
                                                                                                                                                              						}
                                                                                                                                                              						_t120 =  *_t77;
                                                                                                                                                              						if( *_t77 == 0) {
                                                                                                                                                              							goto L14;
                                                                                                                                                              						}
                                                                                                                                                              						E0084FA93(_t91, _t99, _t120,  &_v20);
                                                                                                                                                              						goto L15;
                                                                                                                                                              					}
                                                                                                                                                              					_t116 =  *_t71 - _t99;
                                                                                                                                                              					if( *_t71 == _t99) {
                                                                                                                                                              						goto L8;
                                                                                                                                                              					}
                                                                                                                                                              					E0084FA93(_t91, _t99, _t116,  &_v20);
                                                                                                                                                              					goto L9;
                                                                                                                                                              				}
                                                                                                                                                              			}



































                                                                                                                                                              0x0084f96d
                                                                                                                                                              0x0084f96d
                                                                                                                                                              0x0084f992
                                                                                                                                                              0x0084f998
                                                                                                                                                              0x0084f99a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f9a1
                                                                                                                                                              0x0084f9a7
                                                                                                                                                              0x0084f9a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f9ab
                                                                                                                                                              0x0084f9ae
                                                                                                                                                              0x0084f9b0
                                                                                                                                                              0x0084f9b2
                                                                                                                                                              0x0084f9b2
                                                                                                                                                              0x0084f9c3
                                                                                                                                                              0x0084f9c8
                                                                                                                                                              0x0084f9ca
                                                                                                                                                              0x0084fa2a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084fa2c
                                                                                                                                                              0x0084f9d9
                                                                                                                                                              0x0084f9e9
                                                                                                                                                              0x0084f9ef
                                                                                                                                                              0x0084f9f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084fa08
                                                                                                                                                              0x0084fa0e
                                                                                                                                                              0x0084fa10
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084fa22
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084fa27
                                                                                                                                                              0x0084f8ec
                                                                                                                                                              0x0084f8fb
                                                                                                                                                              0x0084f900
                                                                                                                                                              0x0084f905
                                                                                                                                                              0x0084f955
                                                                                                                                                              0x0084f955
                                                                                                                                                              0x0084f955
                                                                                                                                                              0x0084f957
                                                                                                                                                              0x0084f95b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f95b
                                                                                                                                                              0x0084f907
                                                                                                                                                              0x0084f909
                                                                                                                                                              0x0084f90d
                                                                                                                                                              0x0084f91f
                                                                                                                                                              0x0084f923
                                                                                                                                                              0x0084f928
                                                                                                                                                              0x0084f928
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f928
                                                                                                                                                              0x0084f90f
                                                                                                                                                              0x0084f912
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f918
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f918
                                                                                                                                                              0x0084f8c8
                                                                                                                                                              0x0084f8cb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f8d1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f8d1

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 0084B32A: GetLastError.KERNEL32(?,E041A7C9,?,00831E34,E041A7C9,?,?,?,0083F839,?,?,?,558DE045,004041F3,?,003810B8), ref: 0084B32F
                                                                                                                                                                • Part of subcall function 0084B32A: SetLastError.KERNEL32(00000000,00000006,000000FF,?,0083F839,?,?,?,558DE045,004041F3,?,003810B8,?,?,?,003CCBF4), ref: 0084B3CD
                                                                                                                                                                • Part of subcall function 0084B32A: _free.LIBCMT ref: 0084B38C
                                                                                                                                                                • Part of subcall function 0084B32A: _free.LIBCMT ref: 0084B3C2
                                                                                                                                                              • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0084F949
                                                                                                                                                              • IsValidCodePage.KERNEL32(?), ref: 0084F992
                                                                                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 0084F9A1
                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 0084F9E9
                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 0084FA08
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 949163717-0
                                                                                                                                                              • Opcode ID: 0f3c8c19d3cfa705f54b5b3aa46e9af954b30a95f93545b94860f2f4ee52d39e
                                                                                                                                                              • Instruction ID: cc5425245e9b012e6a5ad7efe10924bf0109db8a20ab4beab6ef6ea53acf6001
                                                                                                                                                              • Opcode Fuzzy Hash: 0f3c8c19d3cfa705f54b5b3aa46e9af954b30a95f93545b94860f2f4ee52d39e
                                                                                                                                                              • Instruction Fuzzy Hash: DB516072A0020EAFEB10DFA9CC41BAABBB8FF14704F14447DA615EB152E7709A41CB61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0084DD2B(void* __ecx) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				intOrPtr _t7;
                                                                                                                                                              				char _t13;
                                                                                                                                                              
                                                                                                                                                              				_t13 = 0;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                                                                                              				_t16 =  *((intOrPtr*)(_t7 + 8));
                                                                                                                                                              				if( *((intOrPtr*)(_t7 + 8)) < 0) {
                                                                                                                                                              					L2:
                                                                                                                                                              					_t13 = 1;
                                                                                                                                                              				} else {
                                                                                                                                                              					E0084BDBB(_t16,  &_v8);
                                                                                                                                                              					if(_v8 != 1) {
                                                                                                                                                              						goto L2;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return _t13;
                                                                                                                                                              			}







                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2934a4d0ff6d03e02c4720ed4818d8ec52cdca67cbe089dc8bc2a0bb9c8fabc3
                                                                                                                                                              • Instruction ID: 512a410d360c16fa6d39f2714751f878ed72b74c02a5f2a6969caa595d1f2de8
                                                                                                                                                              • Opcode Fuzzy Hash: 2934a4d0ff6d03e02c4720ed4818d8ec52cdca67cbe089dc8bc2a0bb9c8fabc3
                                                                                                                                                              • Instruction Fuzzy Hash: 88E04632912238EBCB14DB8CC944A8AF2ACFB44B00B110096B501D3110C270DE00C7D1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0084ECA0(intOrPtr _a4) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				intOrPtr _t25;
                                                                                                                                                              				intOrPtr* _t26;
                                                                                                                                                              				intOrPtr _t28;
                                                                                                                                                              				intOrPtr* _t29;
                                                                                                                                                              				intOrPtr* _t31;
                                                                                                                                                              				intOrPtr* _t45;
                                                                                                                                                              				intOrPtr* _t46;
                                                                                                                                                              				intOrPtr* _t47;
                                                                                                                                                              				intOrPtr* _t55;
                                                                                                                                                              				intOrPtr* _t70;
                                                                                                                                                              				intOrPtr _t74;
                                                                                                                                                              
                                                                                                                                                              				_t74 = _a4;
                                                                                                                                                              				_t25 =  *((intOrPtr*)(_t74 + 0x88));
                                                                                                                                                              				if(_t25 != 0 && _t25 != 0xae9a40) {
                                                                                                                                                              					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
                                                                                                                                                              					if(_t45 != 0 &&  *_t45 == 0) {
                                                                                                                                                              						_t46 =  *((intOrPtr*)(_t74 + 0x84));
                                                                                                                                                              						if(_t46 != 0 &&  *_t46 == 0) {
                                                                                                                                                              							E0084ACBE(_t46);
                                                                                                                                                              							E0084E116( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                                                                              						}
                                                                                                                                                              						_t47 =  *((intOrPtr*)(_t74 + 0x80));
                                                                                                                                                              						if(_t47 != 0 &&  *_t47 == 0) {
                                                                                                                                                              							E0084ACBE(_t47);
                                                                                                                                                              							E0084E42E( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                                                                              						}
                                                                                                                                                              						E0084ACBE( *((intOrPtr*)(_t74 + 0x7c)));
                                                                                                                                                              						E0084ACBE( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
                                                                                                                                                              				if(_t26 != 0 &&  *_t26 == 0) {
                                                                                                                                                              					E0084ACBE( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
                                                                                                                                                              					E0084ACBE( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
                                                                                                                                                              					E0084ACBE( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
                                                                                                                                                              					E0084ACBE( *((intOrPtr*)(_t74 + 0x8c)));
                                                                                                                                                              				}
                                                                                                                                                              				E0084EE3A( *((intOrPtr*)(_t74 + 0x9c)));
                                                                                                                                                              				_t28 = 6;
                                                                                                                                                              				_t55 = _t74 + 0xa0;
                                                                                                                                                              				_v8 = _t28;
                                                                                                                                                              				_t70 = _t74 + 0x28;
                                                                                                                                                              				do {
                                                                                                                                                              					if( *((intOrPtr*)(_t70 - 8)) != 0xaea0e0) {
                                                                                                                                                              						_t31 =  *_t70;
                                                                                                                                                              						if(_t31 != 0 &&  *_t31 == 0) {
                                                                                                                                                              							E0084ACBE(_t31);
                                                                                                                                                              							E0084ACBE( *_t55);
                                                                                                                                                              						}
                                                                                                                                                              						_t28 = _v8;
                                                                                                                                                              					}
                                                                                                                                                              					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
                                                                                                                                                              						_t22 = _t70 - 4; // 0xffed8a72
                                                                                                                                                              						_t29 =  *_t22;
                                                                                                                                                              						if(_t29 != 0 &&  *_t29 == 0) {
                                                                                                                                                              							E0084ACBE(_t29);
                                                                                                                                                              						}
                                                                                                                                                              						_t28 = _v8;
                                                                                                                                                              					}
                                                                                                                                                              					_t55 = _t55 + 4;
                                                                                                                                                              					_t70 = _t70 + 0x10;
                                                                                                                                                              					_t28 = _t28 - 1;
                                                                                                                                                              					_v8 = _t28;
                                                                                                                                                              				} while (_t28 != 0);
                                                                                                                                                              				return E0084ACBE(_t74);
                                                                                                                                                              			}
















                                                                                                                                                              APIs
                                                                                                                                                              • ___free_lconv_mon.LIBCMT ref: 0084ECE4
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E133
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E145
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E157
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E169
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E17B
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E18D
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E19F
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E1B1
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E1C3
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E1D5
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E1E7
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E1F9
                                                                                                                                                                • Part of subcall function 0084E116: _free.LIBCMT ref: 0084E20B
                                                                                                                                                              • _free.LIBCMT ref: 0084ECD9
                                                                                                                                                                • Part of subcall function 0084ACBE: HeapFree.KERNEL32(00000000,00000000,?,0084E8A5,?,00000000,?,?,?,0084E534,?,00000007,?,?,0084EE60,?), ref: 0084ACD4
                                                                                                                                                                • Part of subcall function 0084ACBE: GetLastError.KERNEL32(?,?,0084E8A5,?,00000000,?,?,?,0084E534,?,00000007,?,?,0084EE60,?,?), ref: 0084ACE6
                                                                                                                                                              • _free.LIBCMT ref: 0084ECFB
                                                                                                                                                              • _free.LIBCMT ref: 0084ED10
                                                                                                                                                              • _free.LIBCMT ref: 0084ED1B
                                                                                                                                                              • _free.LIBCMT ref: 0084ED3D
                                                                                                                                                              • _free.LIBCMT ref: 0084ED50
                                                                                                                                                              • _free.LIBCMT ref: 0084ED5E
                                                                                                                                                              • _free.LIBCMT ref: 0084ED69
                                                                                                                                                              • _free.LIBCMT ref: 0084EDA1
                                                                                                                                                              • _free.LIBCMT ref: 0084EDA8
                                                                                                                                                              • _free.LIBCMT ref: 0084EDC5
                                                                                                                                                              • _free.LIBCMT ref: 0084EDDD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 161543041-0
                                                                                                                                                              • Opcode ID: 4a2e05c4490969239b910022237085611107cf00f99654c01c5a9e47eb9d60e3
                                                                                                                                                              • Instruction ID: 87d5e38ce190e6c0e9145aaa55ac9bfa2d9fdaf7aa1bcf097b70636d1920a664
                                                                                                                                                              • Opcode Fuzzy Hash: 4a2e05c4490969239b910022237085611107cf00f99654c01c5a9e47eb9d60e3
                                                                                                                                                              • Instruction Fuzzy Hash: 09315831A40608DFEB35AB3CE985B5673E9FF10750F144829F459DB291DA35EE80CA12
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 35%
                                                                                                                                                              			E0082F170(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                              				char _v5;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				char _t53;
                                                                                                                                                              				signed int _t60;
                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                              				void* _t62;
                                                                                                                                                              				intOrPtr* _t63;
                                                                                                                                                              				intOrPtr _t65;
                                                                                                                                                              				intOrPtr* _t68;
                                                                                                                                                              				intOrPtr _t70;
                                                                                                                                                              				intOrPtr* _t76;
                                                                                                                                                              				intOrPtr* _t80;
                                                                                                                                                              				intOrPtr _t81;
                                                                                                                                                              				intOrPtr _t83;
                                                                                                                                                              				signed int _t86;
                                                                                                                                                              				char _t88;
                                                                                                                                                              				intOrPtr* _t91;
                                                                                                                                                              				intOrPtr _t96;
                                                                                                                                                              				intOrPtr _t98;
                                                                                                                                                              				intOrPtr _t101;
                                                                                                                                                              				intOrPtr* _t103;
                                                                                                                                                              				intOrPtr* _t104;
                                                                                                                                                              				intOrPtr* _t105;
                                                                                                                                                              				void* _t109;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              				void* _t118;
                                                                                                                                                              
                                                                                                                                                              				_t94 = __edx;
                                                                                                                                                              				_push(__ebx);
                                                                                                                                                              				_t80 = _a4;
                                                                                                                                                              				_push(__esi);
                                                                                                                                                              				_v5 = 0;
                                                                                                                                                              				_v16 = 1;
                                                                                                                                                              				 *_t80 = E0085BBFE(__ecx,  *_t80);
                                                                                                                                                              				_t81 = _a8;
                                                                                                                                                              				_t6 = _t81 + 0x10; // 0x11
                                                                                                                                                              				_t101 = _t6;
                                                                                                                                                              				_push(_t101);
                                                                                                                                                              				_v20 = _t101;
                                                                                                                                                              				_v12 =  *(_t81 + 8) ^  *0xae93a0;
                                                                                                                                                              				E0082F130(__edx,  *(_t81 + 8) ^  *0xae93a0);
                                                                                                                                                              				E0084A1DC(_a12);
                                                                                                                                                              				_t53 = _a4;
                                                                                                                                                              				_t111 = _t109 - 0x1c + 0x10;
                                                                                                                                                              				_t98 =  *((intOrPtr*)(_t81 + 0xc));
                                                                                                                                                              				if(( *(_t53 + 4) & 0x00000066) != 0) {
                                                                                                                                                              					__eflags = _t98 - 0xfffffffe;
                                                                                                                                                              					if(_t98 != 0xfffffffe) {
                                                                                                                                                              						_t94 = 0xfffffffe;
                                                                                                                                                              						E0084AB90(_t81, 0xfffffffe, _t101, 0xae93a0);
                                                                                                                                                              						goto L13;
                                                                                                                                                              					}
                                                                                                                                                              					goto L14;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v32 = _t53;
                                                                                                                                                              					_v28 = _a12;
                                                                                                                                                              					 *((intOrPtr*)(_t81 - 4)) =  &_v32;
                                                                                                                                                              					if(_t98 == 0xfffffffe) {
                                                                                                                                                              						L14:
                                                                                                                                                              						return _v16;
                                                                                                                                                              					} else {
                                                                                                                                                              						do {
                                                                                                                                                              							_t86 = _v12;
                                                                                                                                                              							_t60 = _t98 + (_t98 + 2) * 2;
                                                                                                                                                              							_t83 =  *((intOrPtr*)(_t86 + _t60 * 4));
                                                                                                                                                              							_t61 = _t86 + _t60 * 4;
                                                                                                                                                              							_t87 =  *((intOrPtr*)(_t61 + 4));
                                                                                                                                                              							_v24 = _t61;
                                                                                                                                                              							if( *((intOrPtr*)(_t61 + 4)) == 0) {
                                                                                                                                                              								_t88 = _v5;
                                                                                                                                                              								goto L7;
                                                                                                                                                              							} else {
                                                                                                                                                              								_t94 = _t101;
                                                                                                                                                              								_t62 = E0084AB40(_t87, _t101);
                                                                                                                                                              								_t88 = 1;
                                                                                                                                                              								_v5 = 1;
                                                                                                                                                              								_t118 = _t62;
                                                                                                                                                              								if(_t118 < 0) {
                                                                                                                                                              									_v16 = 0;
                                                                                                                                                              									L13:
                                                                                                                                                              									_push(_t101);
                                                                                                                                                              									E0082F130(_t94, _v12);
                                                                                                                                                              									goto L14;
                                                                                                                                                              								} else {
                                                                                                                                                              									if(_t118 > 0) {
                                                                                                                                                              										_t63 = _a4;
                                                                                                                                                              										__eflags =  *_t63 - 0xe06d7363;
                                                                                                                                                              										if( *_t63 == 0xe06d7363) {
                                                                                                                                                              											__eflags =  *0xac9058;
                                                                                                                                                              											if(__eflags != 0) {
                                                                                                                                                              												_t76 = E0084A980(__eflags, 0xac9058);
                                                                                                                                                              												_t111 = _t111 + 4;
                                                                                                                                                              												__eflags = _t76;
                                                                                                                                                              												if(_t76 != 0) {
                                                                                                                                                              													_t105 =  *0xac9058; // 0x82e980
                                                                                                                                                              													 *0xaf3000(_a4, 1);
                                                                                                                                                              													 *_t105();
                                                                                                                                                              													_t101 = _v20;
                                                                                                                                                              													_t111 = _t111 + 8;
                                                                                                                                                              												}
                                                                                                                                                              												_t63 = _a4;
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              										_t95 = _t63;
                                                                                                                                                              										E0084AB74(_t63, _a8, _t63);
                                                                                                                                                              										_t65 = _a8;
                                                                                                                                                              										__eflags =  *((intOrPtr*)(_t65 + 0xc)) - _t98;
                                                                                                                                                              										if( *((intOrPtr*)(_t65 + 0xc)) != _t98) {
                                                                                                                                                              											_t95 = _t98;
                                                                                                                                                              											E0084AB90(_t65, _t98, _t101, 0xae93a0);
                                                                                                                                                              											_t65 = _a8;
                                                                                                                                                              										}
                                                                                                                                                              										_push(_t101);
                                                                                                                                                              										 *((intOrPtr*)(_t65 + 0xc)) = _t83;
                                                                                                                                                              										E0082F130(_t95, _v12);
                                                                                                                                                              										_t96 = _t101;
                                                                                                                                                              										_t91 =  *((intOrPtr*)(_v24 + 8));
                                                                                                                                                              										E0084AB58();
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										_push(_t101);
                                                                                                                                                              										_t103 =  *((intOrPtr*)(E008493AB(_t83, _t91, _t96, _t101) + 4));
                                                                                                                                                              										__eflags = _t103;
                                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                                              											_t91 = _t103;
                                                                                                                                                              											 *0xaf3000();
                                                                                                                                                              											 *_t103();
                                                                                                                                                              										}
                                                                                                                                                              										_t68 = L0083F2F3(_t83, _t91, _t96, __eflags);
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										_push(_t103);
                                                                                                                                                              										L28();
                                                                                                                                                              										_t104 = _t68;
                                                                                                                                                              										__eflags = _t104;
                                                                                                                                                              										if(_t104 != 0) {
                                                                                                                                                              											_t91 = _t104;
                                                                                                                                                              											 *0xaf3000();
                                                                                                                                                              											 *_t104();
                                                                                                                                                              										}
                                                                                                                                                              										E00841B75(_t83, _t91, _t96, _t104);
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										_t70 =  *0xaf1dc8; // 0x0
                                                                                                                                                              										return _t70;
                                                                                                                                                              									} else {
                                                                                                                                                              										goto L7;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              							goto L29;
                                                                                                                                                              							L7:
                                                                                                                                                              							_t98 = _t83;
                                                                                                                                                              						} while (_t83 != 0xfffffffe);
                                                                                                                                                              						if(_t88 != 0) {
                                                                                                                                                              							goto L13;
                                                                                                                                                              						}
                                                                                                                                                              						goto L14;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				L29:
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 0082F1A7
                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0082F1AF
                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 0082F238
                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 0082F263
                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 0082F2B8
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                              • String ID: csm
                                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                                              • Opcode ID: 2ab27a809547c9a07dbd5e9a453d8370d720092187cdc84380692982f89912fb
                                                                                                                                                              • Instruction ID: 2e76b94653e6715b0d561a19cba25ef563ee4ed16d681662e8475793e9bc2c93
                                                                                                                                                              • Opcode Fuzzy Hash: 2ab27a809547c9a07dbd5e9a453d8370d720092187cdc84380692982f89912fb
                                                                                                                                                              • Instruction Fuzzy Hash: 3451B334A00228DBCF11DF68D844A9E7BB5FF46324F148075E919DB353C7319A46CB92
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0084BE3D(void* __ecx, signed int* _a4, intOrPtr _a8) {
                                                                                                                                                              				signed int* _v8;
                                                                                                                                                              				void** _t12;
                                                                                                                                                              				void* _t16;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				signed int _t22;
                                                                                                                                                              				WCHAR* _t23;
                                                                                                                                                              				void** _t26;
                                                                                                                                                              				signed int* _t29;
                                                                                                                                                              				void* _t32;
                                                                                                                                                              				void* _t34;
                                                                                                                                                              
                                                                                                                                                              				_t29 = _a4;
                                                                                                                                                              				while(_t29 != _a8) {
                                                                                                                                                              					_t22 =  *_t29;
                                                                                                                                                              					_t12 = 0xaf1dd0 + _t22 * 4;
                                                                                                                                                              					_t32 =  *_t12;
                                                                                                                                                              					_v8 = _t12;
                                                                                                                                                              					if(_t32 == 0) {
                                                                                                                                                              						_t23 =  *(0xacc120 + _t22 * 4);
                                                                                                                                                              						_t32 = LoadLibraryExW(_t23, 0, 0x800);
                                                                                                                                                              						if(_t32 != 0) {
                                                                                                                                                              							L12:
                                                                                                                                                              							_t26 = _v8;
                                                                                                                                                              							 *_t26 = _t32;
                                                                                                                                                              							if( *_t26 != 0) {
                                                                                                                                                              								FreeLibrary(_t32);
                                                                                                                                                              							}
                                                                                                                                                              							L14:
                                                                                                                                                              							if(_t32 != 0) {
                                                                                                                                                              								_t16 = _t32;
                                                                                                                                                              								L18:
                                                                                                                                                              								return _t16;
                                                                                                                                                              							}
                                                                                                                                                              							L15:
                                                                                                                                                              							_t29 =  &(_t29[1]);
                                                                                                                                                              							continue;
                                                                                                                                                              						}
                                                                                                                                                              						_t18 = GetLastError();
                                                                                                                                                              						if(_t18 != 0x57) {
                                                                                                                                                              							L9:
                                                                                                                                                              							_t32 = 0;
                                                                                                                                                              							L10:
                                                                                                                                                              							if(_t32 != 0) {
                                                                                                                                                              								goto L12;
                                                                                                                                                              							}
                                                                                                                                                              							 *_v8 = _t18 | 0xffffffff;
                                                                                                                                                              							goto L15;
                                                                                                                                                              						}
                                                                                                                                                              						_t18 = E00849323(_t23, L"api-ms-", 7);
                                                                                                                                                              						_t34 = _t34 + 0xc;
                                                                                                                                                              						if(_t18 == 0) {
                                                                                                                                                              							goto L9;
                                                                                                                                                              						}
                                                                                                                                                              						_t18 = E00849323(_t23, L"ext-ms-", 7);
                                                                                                                                                              						_t34 = _t34 + 0xc;
                                                                                                                                                              						if(_t18 == 0) {
                                                                                                                                                              							goto L9;
                                                                                                                                                              						}
                                                                                                                                                              						_t18 = LoadLibraryExW(_t23, _t32, _t32);
                                                                                                                                                              						_t32 = _t18;
                                                                                                                                                              						goto L10;
                                                                                                                                                              					}
                                                                                                                                                              					if(_t32 == 0xffffffff) {
                                                                                                                                                              						goto L15;
                                                                                                                                                              					}
                                                                                                                                                              					goto L14;
                                                                                                                                                              				}
                                                                                                                                                              				_t16 = 0;
                                                                                                                                                              				goto L18;
                                                                                                                                                              			}














                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                              • API String ID: 0-537541572
                                                                                                                                                              • Opcode ID: 4b4cd6f4b8715666c0468f3104972e3d019e7758d63ad2fa585c63991d7ab06a
                                                                                                                                                              • Instruction ID: 0210faf752366fc64f992268c3a5554c41b9d2300d0509d14053bad8072fead6
                                                                                                                                                              • Opcode Fuzzy Hash: 4b4cd6f4b8715666c0468f3104972e3d019e7758d63ad2fa585c63991d7ab06a
                                                                                                                                                              • Instruction Fuzzy Hash: 9421D231A0126DABCB318B659C81BAB3668FF81B74F250610EF46EB291D730ED01C6E0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0084E51B(intOrPtr _a4) {
                                                                                                                                                              				void* _t18;
                                                                                                                                                              
                                                                                                                                                              				_t45 = _a4;
                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                              					E0084E87B(_t45, 7);
                                                                                                                                                              					E0084E87B(_t45 + 0x1c, 7);
                                                                                                                                                              					E0084E87B(_t45 + 0x38, 0xc);
                                                                                                                                                              					E0084E87B(_t45 + 0x68, 0xc);
                                                                                                                                                              					E0084E87B(_t45 + 0x98, 2);
                                                                                                                                                              					E0084ACBE( *((intOrPtr*)(_t45 + 0xa0)));
                                                                                                                                                              					E0084ACBE( *((intOrPtr*)(_t45 + 0xa4)));
                                                                                                                                                              					E0084ACBE( *((intOrPtr*)(_t45 + 0xa8)));
                                                                                                                                                              					E0084E87B(_t45 + 0xb4, 7);
                                                                                                                                                              					E0084E87B(_t45 + 0xd0, 7);
                                                                                                                                                              					E0084E87B(_t45 + 0xec, 0xc);
                                                                                                                                                              					E0084E87B(_t45 + 0x11c, 0xc);
                                                                                                                                                              					E0084E87B(_t45 + 0x14c, 2);
                                                                                                                                                              					E0084ACBE( *((intOrPtr*)(_t45 + 0x154)));
                                                                                                                                                              					E0084ACBE( *((intOrPtr*)(_t45 + 0x158)));
                                                                                                                                                              					E0084ACBE( *((intOrPtr*)(_t45 + 0x15c)));
                                                                                                                                                              					return E0084ACBE( *((intOrPtr*)(_t45 + 0x160)));
                                                                                                                                                              				}
                                                                                                                                                              				return _t18;
                                                                                                                                                              			}





                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 0084E87B: _free.LIBCMT ref: 0084E8A0
                                                                                                                                                              • _free.LIBCMT ref: 0084E569
                                                                                                                                                                • Part of subcall function 0084ACBE: HeapFree.KERNEL32(00000000,00000000,?,0084E8A5,?,00000000,?,?,?,0084E534,?,00000007,?,?,0084EE60,?), ref: 0084ACD4
                                                                                                                                                                • Part of subcall function 0084ACBE: GetLastError.KERNEL32(?,?,0084E8A5,?,00000000,?,?,?,0084E534,?,00000007,?,?,0084EE60,?,?), ref: 0084ACE6
                                                                                                                                                              • _free.LIBCMT ref: 0084E574
                                                                                                                                                              • _free.LIBCMT ref: 0084E57F
                                                                                                                                                              • _free.LIBCMT ref: 0084E5D3
                                                                                                                                                              • _free.LIBCMT ref: 0084E5DE
                                                                                                                                                              • _free.LIBCMT ref: 0084E5E9
                                                                                                                                                              • _free.LIBCMT ref: 0084E5F4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                              • Opcode ID: 8497d11f934f7b026e106f7bb840784546a8c598c6ba8db30c247daf93cf8c7b
                                                                                                                                                              • Instruction ID: ffe2d14c6bc461973f21a7a2fb4ae5ff66a202882b0a8c83f1f7bce04c84be6c
                                                                                                                                                              • Opcode Fuzzy Hash: 8497d11f934f7b026e106f7bb840784546a8c598c6ba8db30c247daf93cf8c7b
                                                                                                                                                              • Instruction Fuzzy Hash: DC11007158070CE6D960B7B4CD87FCB779EFF44700F404829B699EA092DA75E5048652
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E0084B32A(void* __ecx, void* __edx) {
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				intOrPtr _t2;
                                                                                                                                                              				long _t3;
                                                                                                                                                              				intOrPtr _t5;
                                                                                                                                                              				long _t6;
                                                                                                                                                              				intOrPtr _t9;
                                                                                                                                                              				long _t10;
                                                                                                                                                              				signed int _t12;
                                                                                                                                                              				signed int _t39;
                                                                                                                                                              				signed int _t40;
                                                                                                                                                              				void* _t43;
                                                                                                                                                              				void* _t49;
                                                                                                                                                              				signed int _t51;
                                                                                                                                                              				signed int _t53;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              				long _t56;
                                                                                                                                                              				long _t60;
                                                                                                                                                              				long _t61;
                                                                                                                                                              				void* _t65;
                                                                                                                                                              
                                                                                                                                                              				_t49 = __edx;
                                                                                                                                                              				_t43 = __ecx;
                                                                                                                                                              				_t60 = GetLastError();
                                                                                                                                                              				_t2 =  *0xae9ac0; // 0x6
                                                                                                                                                              				_t67 = _t2 - 0xffffffff;
                                                                                                                                                              				if(_t2 == 0xffffffff) {
                                                                                                                                                              					L6:
                                                                                                                                                              					_t3 = E0084BAD3(__eflags, _t2, 0xffffffff);
                                                                                                                                                              					__eflags = _t3;
                                                                                                                                                              					if(_t3 == 0) {
                                                                                                                                                              						goto L3;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t51 = E0084AC61(1, 0x364);
                                                                                                                                                              						_pop(_t43);
                                                                                                                                                              						__eflags = _t51;
                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                              							__eflags = E0084BAD3(__eflags,  *0xae9ac0, _t51);
                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                              								E0084B5AC(_t51, 0xaf2220);
                                                                                                                                                              								E0084ACBE(0);
                                                                                                                                                              								_t65 = _t65 + 0xc;
                                                                                                                                                              								goto L13;
                                                                                                                                                              							} else {
                                                                                                                                                              								_t39 = 0;
                                                                                                                                                              								E0084BAD3(__eflags,  *0xae9ac0, 0);
                                                                                                                                                              								_push(_t51);
                                                                                                                                                              								goto L9;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							_t39 = 0;
                                                                                                                                                              							__eflags = 0;
                                                                                                                                                              							E0084BAD3(0,  *0xae9ac0, 0);
                                                                                                                                                              							_push(0);
                                                                                                                                                              							L9:
                                                                                                                                                              							E0084ACBE();
                                                                                                                                                              							_pop(_t43);
                                                                                                                                                              							goto L4;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t51 = E0084BA94(_t67, _t2);
                                                                                                                                                              					if(_t51 == 0) {
                                                                                                                                                              						_t2 =  *0xae9ac0; // 0x6
                                                                                                                                                              						goto L6;
                                                                                                                                                              					} else {
                                                                                                                                                              						if(_t51 != 0xffffffff) {
                                                                                                                                                              							L13:
                                                                                                                                                              							_t39 = _t51;
                                                                                                                                                              						} else {
                                                                                                                                                              							L3:
                                                                                                                                                              							_t39 = 0;
                                                                                                                                                              							L4:
                                                                                                                                                              							_t51 = _t39;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				SetLastError(_t60);
                                                                                                                                                              				asm("sbb edi, edi");
                                                                                                                                                              				_t53 =  ~_t51 & _t39;
                                                                                                                                                              				if(_t53 == 0) {
                                                                                                                                                              					E00841B75(_t39, _t43, _t49, _t60);
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					_t5 =  *0xae9ac0; // 0x6
                                                                                                                                                              					_push(_t60);
                                                                                                                                                              					__eflags = _t5 - 0xffffffff;
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						L22:
                                                                                                                                                              						_t6 = E0084BAD3(__eflags, _t5, 0xffffffff);
                                                                                                                                                              						__eflags = _t6;
                                                                                                                                                              						if(_t6 == 0) {
                                                                                                                                                              							goto L31;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t60 = E0084AC61(1, 0x364);
                                                                                                                                                              							_pop(_t43);
                                                                                                                                                              							__eflags = _t60;
                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                              								__eflags = E0084BAD3(__eflags,  *0xae9ac0, _t60);
                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                              									E0084B5AC(_t60, 0xaf2220);
                                                                                                                                                              									E0084ACBE(0);
                                                                                                                                                              									_t65 = _t65 + 0xc;
                                                                                                                                                              									goto L29;
                                                                                                                                                              								} else {
                                                                                                                                                              									E0084BAD3(__eflags,  *0xae9ac0, _t21);
                                                                                                                                                              									_push(_t60);
                                                                                                                                                              									goto L25;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								E0084BAD3(__eflags,  *0xae9ac0, _t20);
                                                                                                                                                              								_push(_t60);
                                                                                                                                                              								L25:
                                                                                                                                                              								E0084ACBE();
                                                                                                                                                              								_pop(_t43);
                                                                                                                                                              								goto L31;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						_t60 = E0084BA94(__eflags, _t5);
                                                                                                                                                              						__eflags = _t60;
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							_t5 =  *0xae9ac0; // 0x6
                                                                                                                                                              							goto L22;
                                                                                                                                                              						} else {
                                                                                                                                                              							__eflags = _t60 - 0xffffffff;
                                                                                                                                                              							if(_t60 == 0xffffffff) {
                                                                                                                                                              								L31:
                                                                                                                                                              								E00841B75(_t39, _t43, _t49, _t60);
                                                                                                                                                              								asm("int3");
                                                                                                                                                              								_push(_t39);
                                                                                                                                                              								_push(_t60);
                                                                                                                                                              								_push(_t53);
                                                                                                                                                              								_t61 = GetLastError();
                                                                                                                                                              								_t9 =  *0xae9ac0; // 0x6
                                                                                                                                                              								__eflags = _t9 - 0xffffffff;
                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                              									L38:
                                                                                                                                                              									_t10 = E0084BAD3(__eflags, _t9, 0xffffffff);
                                                                                                                                                              									__eflags = _t10;
                                                                                                                                                              									if(_t10 == 0) {
                                                                                                                                                              										goto L35;
                                                                                                                                                              									} else {
                                                                                                                                                              										_t12 = E0084AC61(1, 0x364); // executed
                                                                                                                                                              										_t54 = _t12;
                                                                                                                                                              										__eflags = _t54;
                                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                                              											__eflags = E0084BAD3(__eflags,  *0xae9ac0, _t54);
                                                                                                                                                              											if(__eflags != 0) {
                                                                                                                                                              												E0084B5AC(_t54, 0xaf2220);
                                                                                                                                                              												E0084ACBE(0);
                                                                                                                                                              												goto L45;
                                                                                                                                                              											} else {
                                                                                                                                                              												_t40 = 0;
                                                                                                                                                              												E0084BAD3(__eflags,  *0xae9ac0, 0);
                                                                                                                                                              												_push(_t54);
                                                                                                                                                              												goto L41;
                                                                                                                                                              											}
                                                                                                                                                              										} else {
                                                                                                                                                              											_t40 = 0;
                                                                                                                                                              											__eflags = 0;
                                                                                                                                                              											E0084BAD3(0,  *0xae9ac0, 0);
                                                                                                                                                              											_push(0);
                                                                                                                                                              											L41:
                                                                                                                                                              											E0084ACBE();
                                                                                                                                                              											goto L36;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									_t54 = E0084BA94(__eflags, _t9);
                                                                                                                                                              									__eflags = _t54;
                                                                                                                                                              									if(__eflags == 0) {
                                                                                                                                                              										_t9 =  *0xae9ac0; // 0x6
                                                                                                                                                              										goto L38;
                                                                                                                                                              									} else {
                                                                                                                                                              										__eflags = _t54 - 0xffffffff;
                                                                                                                                                              										if(_t54 != 0xffffffff) {
                                                                                                                                                              											L45:
                                                                                                                                                              											_t40 = _t54;
                                                                                                                                                              										} else {
                                                                                                                                                              											L35:
                                                                                                                                                              											_t40 = 0;
                                                                                                                                                              											__eflags = 0;
                                                                                                                                                              											L36:
                                                                                                                                                              											_t54 = _t40;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								SetLastError(_t61);
                                                                                                                                                              								asm("sbb edi, edi");
                                                                                                                                                              								_t56 =  ~_t54 & _t40;
                                                                                                                                                              								__eflags = _t56;
                                                                                                                                                              								return _t56;
                                                                                                                                                              							} else {
                                                                                                                                                              								L29:
                                                                                                                                                              								__eflags = _t60;
                                                                                                                                                              								if(_t60 == 0) {
                                                                                                                                                              									goto L31;
                                                                                                                                                              								} else {
                                                                                                                                                              									return _t60;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					return _t53;
                                                                                                                                                              				}
                                                                                                                                                              			}























                                                                                                                                                              0x0084b4b7
                                                                                                                                                              0x0084b4bc
                                                                                                                                                              0x0084b4be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084b4c0
                                                                                                                                                              0x0084b4c7
                                                                                                                                                              0x0084b4cc
                                                                                                                                                              0x0084b4d0
                                                                                                                                                              0x0084b4d2
                                                                                                                                                              0x0084b4f7
                                                                                                                                                              0x0084b4f9
                                                                                                                                                              0x0084b512
                                                                                                                                                              0x0084b519
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084b4fb
                                                                                                                                                              0x0084b4fb
                                                                                                                                                              0x0084b504
                                                                                                                                                              0x0084b509
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084b509
                                                                                                                                                              0x0084b4d4
                                                                                                                                                              0x0084b4d4
                                                                                                                                                              0x0084b4d4
                                                                                                                                                              0x0084b4dd
                                                                                                                                                              0x0084b4e2
                                                                                                                                                              0x0084b4e3
                                                                                                                                                              0x0084b4e3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084b4e8
                                                                                                                                                              0x0084b4d2
                                                                                                                                                              0x0084b498
                                                                                                                                                              0x0084b49e
                                                                                                                                                              0x0084b4a0
                                                                                                                                                              0x0084b4a2
                                                                                                                                                              0x0084b4af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084b4a4
                                                                                                                                                              0x0084b4a4
                                                                                                                                                              0x0084b4a7
                                                                                                                                                              0x0084b521
                                                                                                                                                              0x0084b521
                                                                                                                                                              0x0084b4a9
                                                                                                                                                              0x0084b4a9
                                                                                                                                                              0x0084b4a9
                                                                                                                                                              0x0084b4a9
                                                                                                                                                              0x0084b4ab
                                                                                                                                                              0x0084b4ab
                                                                                                                                                              0x0084b4ab
                                                                                                                                                              0x0084b4a7
                                                                                                                                                              0x0084b4a2
                                                                                                                                                              0x0084b524
                                                                                                                                                              0x0084b52c
                                                                                                                                                              0x0084b52e
                                                                                                                                                              0x0084b52e
                                                                                                                                                              0x0084b535
                                                                                                                                                              0x0084b403
                                                                                                                                                              0x0084b473
                                                                                                                                                              0x0084b473
                                                                                                                                                              0x0084b475
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084b477
                                                                                                                                                              0x0084b47a
                                                                                                                                                              0x0084b47a
                                                                                                                                                              0x0084b475
                                                                                                                                                              0x0084b401
                                                                                                                                                              0x0084b3fc
                                                                                                                                                              0x0084b3db
                                                                                                                                                              0x0084b3e0
                                                                                                                                                              0x0084b3e0

                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,E041A7C9,?,00831E34,E041A7C9,?,?,?,0083F839,?,?,?,558DE045,004041F3,?,003810B8), ref: 0084B32F
                                                                                                                                                              • _free.LIBCMT ref: 0084B38C
                                                                                                                                                              • _free.LIBCMT ref: 0084B3C2
                                                                                                                                                              • SetLastError.KERNEL32(00000000,00000006,000000FF,?,0083F839,?,?,?,558DE045,004041F3,?,003810B8,?,?,?,003CCBF4), ref: 0084B3CD
                                                                                                                                                              • _free.LIBCMT ref: 0084B437
                                                                                                                                                              • _free.LIBCMT ref: 0084B46B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _free$ErrorLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3291180501-0
                                                                                                                                                              • Opcode ID: db6e838163eaf3dc91a69c7545eb9e2a8d7a055f82c5a72e977676649a2e4162
                                                                                                                                                              • Instruction ID: 0b6e412d46890ed6febb988c296ee7bb5388139cf309c4e85f809210855cabc4
                                                                                                                                                              • Opcode Fuzzy Hash: db6e838163eaf3dc91a69c7545eb9e2a8d7a055f82c5a72e977676649a2e4162
                                                                                                                                                              • Instruction Fuzzy Hash: 2031D87254566D6BDA11ABBDACC2A2B219DFF40774B190630F521DF6D2DB11CC02C266
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                              			E00507A40(void* __ebx, void* __edi) {
                                                                                                                                                              				intOrPtr _t10;
                                                                                                                                                              				void* _t12;
                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                              				intOrPtr _t19;
                                                                                                                                                              				void* _t28;
                                                                                                                                                              				signed int _t29;
                                                                                                                                                              				signed int _t32;
                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                              				signed int _t36;
                                                                                                                                                              				intOrPtr _t37;
                                                                                                                                                              				void* _t45;
                                                                                                                                                              				void* _t46;
                                                                                                                                                              				void* _t47;
                                                                                                                                                              
                                                                                                                                                              				_t45 = __edi;
                                                                                                                                                              				_t28 = __ebx;
                                                                                                                                                              				_t29 =  *0xaee0a8; // 0x0
                                                                                                                                                              				_t10 =  *0xaee1f8; // 0x0
                                                                                                                                                              				if(_t10 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t29 * 4)) + 0x18))) {
                                                                                                                                                              					E0082CC77(_t10, 0xaee1f8);
                                                                                                                                                              					_t47 = _t47 + 4;
                                                                                                                                                              					__eflags =  *0xaee1f8 - 0xffffffff;
                                                                                                                                                              					if( *0xaee1f8 == 0xffffffff) {
                                                                                                                                                              						E003F2A70(0xaee1f0, E00508030);
                                                                                                                                                              						E0082CCED(0xaee1f8);
                                                                                                                                                              						_t47 = _t47 + 4;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_t12 = E003F2A00(0xaee1f0);
                                                                                                                                                              				if(_t12 == 0xffffffff) {
                                                                                                                                                              					_t46 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t46 = _t12;
                                                                                                                                                              					if(_t12 == 0) {
                                                                                                                                                              						_t32 =  *0xaee0a8; // 0x0
                                                                                                                                                              						_t14 =  *0xaee1f8; // 0x0
                                                                                                                                                              						_t33 =  *((intOrPtr*)( *[fs:0x2c] + _t32 * 4));
                                                                                                                                                              						__eflags = _t14 -  *((intOrPtr*)(_t33 + 0x18));
                                                                                                                                                              						if(_t14 >  *((intOrPtr*)(_t33 + 0x18))) {
                                                                                                                                                              							E0082CC77(_t14, 0xaee1f8);
                                                                                                                                                              							_t47 = _t47 + 4;
                                                                                                                                                              							__eflags =  *0xaee1f8 - 0xffffffff;
                                                                                                                                                              							if( *0xaee1f8 == 0xffffffff) {
                                                                                                                                                              								E003F2A70(0xaee1f0, E00508030);
                                                                                                                                                              								E0082CCED(0xaee1f8);
                                                                                                                                                              								_t47 = _t47 + 4;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						E003F2A30(0xaee1f0, 0xffffffff);
                                                                                                                                                              						_push(0x20);
                                                                                                                                                              						_t46 = E0082CB74();
                                                                                                                                                              						E00507BB0(_t28, _t17, _t45, __eflags);
                                                                                                                                                              						_t36 =  *0xaee0a8; // 0x0
                                                                                                                                                              						_t19 =  *0xaee1f8; // 0x0
                                                                                                                                                              						_t37 =  *((intOrPtr*)( *[fs:0x2c] + _t36 * 4));
                                                                                                                                                              						__eflags = _t19 -  *((intOrPtr*)(_t37 + 0x18));
                                                                                                                                                              						if(_t19 >  *((intOrPtr*)(_t37 + 0x18))) {
                                                                                                                                                              							E0082CC77(_t19, 0xaee1f8);
                                                                                                                                                              							__eflags =  *0xaee1f8 - 0xffffffff;
                                                                                                                                                              							if( *0xaee1f8 == 0xffffffff) {
                                                                                                                                                              								E003F2A70(0xaee1f0, E00508030);
                                                                                                                                                              								E0082CCED(0xaee1f8);
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						E003F2A30(0xaee1f0, _t46);
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return _t46;
                                                                                                                                                              			}

















APIs
• __Init_thread_header.LIBCMT ref: 00507AF6
• __Init_thread_footer.LIBCMT ref: 00507B1F
• __Init_thread_header.LIBCMT ref: 00507B31
• __Init_thread_footer.LIBCMT ref: 00507B5A
• __Init_thread_header.LIBCMT ref: 00507B6C
• __Init_thread_footer.LIBCMT ref: 00507B95
Memory Dump Source
• Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
Similarity
• API ID: Init_thread_footerInit_thread_header
• String ID:
• API String ID: 4092853384-0
• Opcode ID: 8b77b3c2368867ab6aa3b3e2643ada0a79f38b576616b52331d14ef93891be11
• Instruction ID: fb35ddd622ea3d83afa5837de6b19746a9d5a7626b8e2dcaa5b00b0df3d7ff48
• Opcode Fuzzy Hash: 8b77b3c2368867ab6aa3b3e2643ada0a79f38b576616b52331d14ef93891be11
• Instruction Fuzzy Hash: 0021E130B445A9A7D620E7A8A896E3D3201FFA9760B100774E92A8A3C1DE7179D5C7D2
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                              			E008493B9(void* __ecx) {
                                                                                                                                                              				void* _t4;
                                                                                                                                                              				void* _t8;
                                                                                                                                                              				void* _t11;
                                                                                                                                                              				void* _t13;
                                                                                                                                                              				void* _t14;
                                                                                                                                                              				void* _t18;
                                                                                                                                                              				void* _t23;
                                                                                                                                                              				long _t24;
                                                                                                                                                              				void* _t26;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              
                                                                                                                                                              				_t13 = __ecx;
                                                                                                                                                              				if( *0xae9aa0 != 0xffffffff) {
                                                                                                                                                              					_t24 = GetLastError();
                                                                                                                                                              					_t11 = E008596F2(_t13, __eflags,  *0xae9aa0);
                                                                                                                                                              					_t14 = _t23;
                                                                                                                                                              					__eflags = _t11 - 0xffffffff;
                                                                                                                                                              					if(_t11 == 0xffffffff) {
                                                                                                                                                              						L5:
                                                                                                                                                              						_t11 = 0;
                                                                                                                                                              					} else {
                                                                                                                                                              						__eflags = _t11;
                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                              							_t4 = E0085972D(_t14, __eflags,  *0xae9aa0, 0xffffffff);
                                                                                                                                                              							__eflags = _t4;
                                                                                                                                                              							if(_t4 != 0) {
                                                                                                                                                              								_t27 = E00404E30(1, 0x28);
                                                                                                                                                              								_t18 = _t26;
                                                                                                                                                              								__eflags = _t27;
                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                              									L8:
                                                                                                                                                              									_t11 = 0;
                                                                                                                                                              									E0085972D(_t18, __eflags,  *0xae9aa0, 0);
                                                                                                                                                              								} else {
                                                                                                                                                              									_t8 = E0085972D(_t18, __eflags,  *0xae9aa0, _t27);
                                                                                                                                                              									_pop(_t18);
                                                                                                                                                              									__eflags = _t8;
                                                                                                                                                              									if(__eflags != 0) {
                                                                                                                                                              										_t11 = _t27;
                                                                                                                                                              										_t27 = 0;
                                                                                                                                                              										__eflags = 0;
                                                                                                                                                              									} else {
                                                                                                                                                              										goto L8;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								E00404DC0(_t27);
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L5;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					SetLastError(_t24);
                                                                                                                                                              					return _t11;
                                                                                                                                                              				} else {
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              			}













                                                                                                                                                              0x008493c2
                                                                                                                                                              0x008493c4
                                                                                                                                                              0x008493c4

                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32(?,00000001,008493B0,0082F2D4,00000011), ref: 008493C7
                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008493D5
                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008493EE
                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 00849440
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                              • Opcode ID: 583d8073f5211163514571b51ec483efa45e5b838e1d9bd23ac819729ff7547e
                                                                                                                                                              • Instruction ID: 0ff919162b6ee3a520aef0a5ed798663897282dea0a123a1a7af85e084f3cd61
                                                                                                                                                              • Opcode Fuzzy Hash: 583d8073f5211163514571b51ec483efa45e5b838e1d9bd23ac819729ff7547e
                                                                                                                                                              • Instruction Fuzzy Hash: 810128722193659FEA342BF8BCC59672684FF063B9760023BF664DA0E0EF520C03D694
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E0084EF3C(void* __edx, void* __eflags, intOrPtr* _a4, signed short* _a8, intOrPtr _a12) {
                                                                                                                                                              				intOrPtr _v0;
                                                                                                                                                              				intOrPtr* _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				signed int _v36;
                                                                                                                                                              				void* __ecx;
                                                                                                                                                              				void* __ebp;
                                                                                                                                                              				void* _t36;
                                                                                                                                                              				short* _t37;
                                                                                                                                                              				intOrPtr* _t38;
                                                                                                                                                              				signed int _t40;
                                                                                                                                                              				intOrPtr* _t41;
                                                                                                                                                              				signed short _t42;
                                                                                                                                                              				signed short* _t45;
                                                                                                                                                              				intOrPtr _t48;
                                                                                                                                                              				void* _t50;
                                                                                                                                                              				void* _t66;
                                                                                                                                                              				void* _t70;
                                                                                                                                                              				void* _t71;
                                                                                                                                                              				intOrPtr* _t80;
                                                                                                                                                              				short* _t82;
                                                                                                                                                              				signed int _t85;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              				intOrPtr* _t88;
                                                                                                                                                              				intOrPtr* _t92;
                                                                                                                                                              				signed int _t94;
                                                                                                                                                              				signed int _t105;
                                                                                                                                                              				void* _t106;
                                                                                                                                                              				signed int _t108;
                                                                                                                                                              				intOrPtr* _t110;
                                                                                                                                                              				intOrPtr _t113;
                                                                                                                                                              				void* _t114;
                                                                                                                                                              				intOrPtr* _t117;
                                                                                                                                                              				signed short _t119;
                                                                                                                                                              				signed int _t120;
                                                                                                                                                              				void* _t124;
                                                                                                                                                              				void* _t125;
                                                                                                                                                              
                                                                                                                                                              				_push(_t86);
                                                                                                                                                              				_push(_t86);
                                                                                                                                                              				_t80 = _a4;
                                                                                                                                                              				_t36 = E0084B32A(_t86, __edx);
                                                                                                                                                              				_t105 = 0;
                                                                                                                                                              				_v12 = 0;
                                                                                                                                                              				_t3 = _t36 + 0x50; // 0x50
                                                                                                                                                              				_t117 = _t3;
                                                                                                                                                              				_t4 = _t117 + 0x250; // 0x2a0
                                                                                                                                                              				_t37 = _t4;
                                                                                                                                                              				 *((intOrPtr*)(_t117 + 8)) = 0;
                                                                                                                                                              				 *_t37 = 0;
                                                                                                                                                              				_t6 = _t117 + 4; // 0x54
                                                                                                                                                              				_t110 = _t6;
                                                                                                                                                              				_v8 = _t37;
                                                                                                                                                              				_t88 = _t80;
                                                                                                                                                              				_t38 = _t80 + 0x80;
                                                                                                                                                              				 *_t117 = _t80;
                                                                                                                                                              				 *_t110 = _t38;
                                                                                                                                                              				if( *_t38 != 0) {
                                                                                                                                                              					_push(_t110);
                                                                                                                                                              					_push(0x16);
                                                                                                                                                              					_push(0xacd020);
                                                                                                                                                              					L40();
                                                                                                                                                              					_t88 =  *_t117;
                                                                                                                                                              					_t124 = _t124 + 0xc;
                                                                                                                                                              					_t105 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				_push(_t117);
                                                                                                                                                              				if( *_t88 == _t105) {
                                                                                                                                                              					E0084F63F(_t88);
                                                                                                                                                              					goto L12;
                                                                                                                                                              				} else {
                                                                                                                                                              					if( *((intOrPtr*)( *_t110)) == _t105) {
                                                                                                                                                              						E0084F520();
                                                                                                                                                              					} else {
                                                                                                                                                              						E0084F1A4(_t88);
                                                                                                                                                              					}
                                                                                                                                                              					if( *((intOrPtr*)(_t117 + 8)) == 0) {
                                                                                                                                                              						_push(_t117);
                                                                                                                                                              						_push(0x40);
                                                                                                                                                              						_push(0xaccd10);
                                                                                                                                                              						L40();
                                                                                                                                                              						_t124 = _t124 + 0xc;
                                                                                                                                                              						if(0 != 0) {
                                                                                                                                                              							_push(_t117);
                                                                                                                                                              							if( *((intOrPtr*)( *_t110)) == 0) {
                                                                                                                                                              								E0084F520();
                                                                                                                                                              							} else {
                                                                                                                                                              								E0084F1A4(0);
                                                                                                                                                              							}
                                                                                                                                                              							L12:
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				if( *((intOrPtr*)(_t117 + 8)) == 0) {
                                                                                                                                                              					L37:
                                                                                                                                                              					_t40 = 0;
                                                                                                                                                              					__eflags = 0;
                                                                                                                                                              					goto L38;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t41 = _t80 + 0x100;
                                                                                                                                                              					if( *_t80 != 0 ||  *_t41 != 0) {
                                                                                                                                                              						_t42 = E0084F6C6(_t41, _t117);
                                                                                                                                                              					} else {
                                                                                                                                                              						_t42 = GetACP();
                                                                                                                                                              					}
                                                                                                                                                              					_t119 = _t42;
                                                                                                                                                              					if(_t119 == 0 || _t119 == 0xfde8 || IsValidCodePage(_t119 & 0x0000ffff) == 0) {
                                                                                                                                                              						goto L37;
                                                                                                                                                              					} else {
                                                                                                                                                              						_t45 = _a8;
                                                                                                                                                              						if(_t45 != 0) {
                                                                                                                                                              							 *_t45 = _t119;
                                                                                                                                                              						}
                                                                                                                                                              						_t113 = _a12;
                                                                                                                                                              						if(_t113 == 0) {
                                                                                                                                                              							L36:
                                                                                                                                                              							_t40 = 1;
                                                                                                                                                              							L38:
                                                                                                                                                              							return _t40;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t92 = _v8;
                                                                                                                                                              							_t82 = _t113 + 0x120;
                                                                                                                                                              							 *_t82 = 0;
                                                                                                                                                              							_t106 = _t92 + 2;
                                                                                                                                                              							do {
                                                                                                                                                              								_t48 =  *_t92;
                                                                                                                                                              								_t92 = _t92 + 2;
                                                                                                                                                              							} while (_t48 != _v12);
                                                                                                                                                              							_t94 = _t92 - _t106 >> 1;
                                                                                                                                                              							_push(_t94 + 1);
                                                                                                                                                              							_t50 = E0084EA7E(_t82, 0x55, _v8);
                                                                                                                                                              							_t125 = _t124 + 0x10;
                                                                                                                                                              							if(_t50 != 0) {
                                                                                                                                                              								L39:
                                                                                                                                                              								_push(0);
                                                                                                                                                              								_push(0);
                                                                                                                                                              								_push(0);
                                                                                                                                                              								_push(0);
                                                                                                                                                              								_push(0);
                                                                                                                                                              								E0083F63C();
                                                                                                                                                              								asm("int3");
                                                                                                                                                              								_push(_t94);
                                                                                                                                                              								_push(_t119);
                                                                                                                                                              								_t120 = _v36;
                                                                                                                                                              								_push(_t113);
                                                                                                                                                              								_t108 = 1;
                                                                                                                                                              								_t114 = 0;
                                                                                                                                                              								__eflags = _t120;
                                                                                                                                                              								if(_t120 >= 0) {
                                                                                                                                                              									_push(_t82);
                                                                                                                                                              									while(1) {
                                                                                                                                                              										__eflags = _t108;
                                                                                                                                                              										if(_t108 == 0) {
                                                                                                                                                              											break;
                                                                                                                                                              										}
                                                                                                                                                              										asm("cdq");
                                                                                                                                                              										_t85 = _t114 + _t120 - _t108 >> 1;
                                                                                                                                                              										_v12 = _t85 * 0xc;
                                                                                                                                                              										_t108 = E00844147( *_a8,  *((intOrPtr*)(_t85 * 0xc + _v0)));
                                                                                                                                                              										__eflags = _t108;
                                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                                              											if(__eflags >= 0) {
                                                                                                                                                              												_t33 = _t85 + 1; // 0x1
                                                                                                                                                              												_t114 = _t33;
                                                                                                                                                              											} else {
                                                                                                                                                              												_t32 = _t85 - 1; // -1
                                                                                                                                                              												_t120 = _t32;
                                                                                                                                                              											}
                                                                                                                                                              										} else {
                                                                                                                                                              											 *_a8 = _v12 + _v0 + 4;
                                                                                                                                                              										}
                                                                                                                                                              										__eflags = _t114 - _t120;
                                                                                                                                                              										if(_t114 <= _t120) {
                                                                                                                                                              											continue;
                                                                                                                                                              										}
                                                                                                                                                              										break;
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = _t108;
                                                                                                                                                              								_t35 = _t108 == 0;
                                                                                                                                                              								__eflags = _t35;
                                                                                                                                                              								return 0 | _t35;
                                                                                                                                                              							} else {
                                                                                                                                                              								if(E0084BB6C(_t82, 0x1001, _t113, 0x40) == 0) {
                                                                                                                                                              									goto L37;
                                                                                                                                                              								} else {
                                                                                                                                                              									_t82 = _t113 + 0x80;
                                                                                                                                                              									if(E0084BB6C(_t113 + 0x120, 0x1002, _t82, 0x40) == 0) {
                                                                                                                                                              										goto L37;
                                                                                                                                                              									} else {
                                                                                                                                                              										_push(0x5f);
                                                                                                                                                              										_t66 = E00831493(_t94);
                                                                                                                                                              										_t94 = _t82;
                                                                                                                                                              										if(_t66 != 0) {
                                                                                                                                                              											L31:
                                                                                                                                                              											if(E0084BB6C(_t113 + 0x120, 7, _t82, 0x40) == 0) {
                                                                                                                                                              												goto L37;
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L32;
                                                                                                                                                              											}
                                                                                                                                                              										} else {
                                                                                                                                                              											_push(0x2e);
                                                                                                                                                              											_t71 = E00831493(_t94);
                                                                                                                                                              											_t94 = _t82;
                                                                                                                                                              											if(_t71 == 0) {
                                                                                                                                                              												L32:
                                                                                                                                                              												_t113 = _t113 + 0x100;
                                                                                                                                                              												if(_t119 != 0xfde9) {
                                                                                                                                                              													E0083F947(_t94, _t119, _t113, 0x10, 0xa);
                                                                                                                                                              													goto L36;
                                                                                                                                                              												} else {
                                                                                                                                                              													_push(5);
                                                                                                                                                              													_t70 = E0084EA7E(_t113, 0x10, L"utf8");
                                                                                                                                                              													_t125 = _t125 + 0x10;
                                                                                                                                                              													if(_t70 != 0) {
                                                                                                                                                              														goto L39;
                                                                                                                                                              													} else {
                                                                                                                                                              														goto L36;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              											} else {
                                                                                                                                                              												goto L31;
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}







































                                                                                                                                                              0x0084f07f
                                                                                                                                                              0x0084f12a
                                                                                                                                                              0x0084f12c
                                                                                                                                                              0x0084f12d
                                                                                                                                                              0x0084f12e
                                                                                                                                                              0x0084f12f
                                                                                                                                                              0x0084f130
                                                                                                                                                              0x0084f131
                                                                                                                                                              0x0084f136
                                                                                                                                                              0x0084f13c
                                                                                                                                                              0x0084f13d
                                                                                                                                                              0x0084f13e
                                                                                                                                                              0x0084f143
                                                                                                                                                              0x0084f144
                                                                                                                                                              0x0084f145
                                                                                                                                                              0x0084f147
                                                                                                                                                              0x0084f149
                                                                                                                                                              0x0084f14b
                                                                                                                                                              0x0084f14c
                                                                                                                                                              0x0084f14c
                                                                                                                                                              0x0084f14e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f153
                                                                                                                                                              0x0084f15b
                                                                                                                                                              0x0084f160
                                                                                                                                                              0x0084f170
                                                                                                                                                              0x0084f174
                                                                                                                                                              0x0084f176
                                                                                                                                                              0x0084f18a
                                                                                                                                                              0x0084f191
                                                                                                                                                              0x0084f191
                                                                                                                                                              0x0084f18c
                                                                                                                                                              0x0084f18c
                                                                                                                                                              0x0084f18c
                                                                                                                                                              0x0084f18c
                                                                                                                                                              0x0084f178
                                                                                                                                                              0x0084f186
                                                                                                                                                              0x0084f186
                                                                                                                                                              0x0084f194
                                                                                                                                                              0x0084f196
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f196
                                                                                                                                                              0x0084f198
                                                                                                                                                              0x0084f19b
                                                                                                                                                              0x0084f19e
                                                                                                                                                              0x0084f19e
                                                                                                                                                              0x0084f1a3
                                                                                                                                                              0x0084f085
                                                                                                                                                              0x0084f095
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f09b
                                                                                                                                                              0x0084f09d
                                                                                                                                                              0x0084f0b7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f0b9
                                                                                                                                                              0x0084f0b9
                                                                                                                                                              0x0084f0bc
                                                                                                                                                              0x0084f0c2
                                                                                                                                                              0x0084f0c5
                                                                                                                                                              0x0084f0d5
                                                                                                                                                              0x0084f0e8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f0c7
                                                                                                                                                              0x0084f0c7
                                                                                                                                                              0x0084f0ca
                                                                                                                                                              0x0084f0d0
                                                                                                                                                              0x0084f0d3
                                                                                                                                                              0x0084f0ea
                                                                                                                                                              0x0084f0ea
                                                                                                                                                              0x0084f0f6
                                                                                                                                                              0x0084f116
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f0f8
                                                                                                                                                              0x0084f0f8
                                                                                                                                                              0x0084f102
                                                                                                                                                              0x0084f107
                                                                                                                                                              0x0084f10c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f10e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f10e
                                                                                                                                                              0x0084f10c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0084f0d3
                                                                                                                                                              0x0084f0c5
                                                                                                                                                              0x0084f0b7
                                                                                                                                                              0x0084f095
                                                                                                                                                              0x0084f07f
                                                                                                                                                              0x0084f044
                                                                                                                                                              0x0084f012

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 0084B32A: GetLastError.KERNEL32(?,E041A7C9,?,00831E34,E041A7C9,?,?,?,0083F839,?,?,?,558DE045,004041F3,?,003810B8), ref: 0084B32F
                                                                                                                                                                • Part of subcall function 0084B32A: SetLastError.KERNEL32(00000000,00000006,000000FF,?,0083F839,?,?,?,558DE045,004041F3,?,003810B8,?,?,?,003CCBF4), ref: 0084B3CD
                                                                                                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,0083BA28,?,?,?,?,?,-00000050,?,?,?), ref: 0084EFFD
                                                                                                                                                              • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0083BA28,?,?,?,?,?,-00000050,?,?), ref: 0084F028
                                                                                                                                                              • _wcschr.LIBVCRUNTIME ref: 0084F0BC
                                                                                                                                                              • _wcschr.LIBVCRUNTIME ref: 0084F0CA
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast_wcschr$CodePageValid
                                                                                                                                                              • String ID: utf8
                                                                                                                                                              • API String ID: 650444998-905460609
                                                                                                                                                              • Opcode ID: 6cb2da13aebd78870602bba5964ab87145ab4b3a60149e02dc1a6e7f73724de7
                                                                                                                                                              • Instruction ID: 7a7cd13910c524c759d6b6d8cb243f808e5671f29a2d53b1cae8ece4a0592e96
                                                                                                                                                              • Opcode Fuzzy Hash: 6cb2da13aebd78870602bba5964ab87145ab4b3a60149e02dc1a6e7f73724de7
                                                                                                                                                              • Instruction Fuzzy Hash: 4351C83160070DAAEB26AB75CC46F6673A8FF48740F15447DF605EB183FB70E9418662
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                              			E004069F0(char _a4) {
                                                                                                                                                              				void* _v16;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				union _LARGE_INTEGER _v32;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                              				signed int _v52;
                                                                                                                                                              				signed int _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				signed int _v64;
                                                                                                                                                              				signed int _v68;
                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t43;
                                                                                                                                                              				intOrPtr* _t45;
                                                                                                                                                              				intOrPtr _t52;
                                                                                                                                                              				signed int _t53;
                                                                                                                                                              				signed int _t58;
                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                              				signed int _t66;
                                                                                                                                                              				intOrPtr _t71;
                                                                                                                                                              				signed int _t79;
                                                                                                                                                              				signed int _t85;
                                                                                                                                                              				intOrPtr* _t86;
                                                                                                                                                              				signed int _t87;
                                                                                                                                                              				signed int _t88;
                                                                                                                                                              				signed int* _t90;
                                                                                                                                                              
                                                                                                                                                              				_t90 = (_t88 & 0xfffffff8) - 0x28;
                                                                                                                                                              				_t43 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              				_t1 =  &_a4; // 0x404027
                                                                                                                                                              				_t86 =  *_t1;
                                                                                                                                                              				_v24 = _t43 ^ _t87;
                                                                                                                                                              				_t45 =  *0xae82c0; // 0x4073a0
                                                                                                                                                              				if(_t45 != E004073A0) {
                                                                                                                                                              					 *_t45(_t86);
                                                                                                                                                              				} else {
                                                                                                                                                              					_v28 = 0;
                                                                                                                                                              					_v32.LowPart = 0;
                                                                                                                                                              					QueryPerformanceCounter( &_v32);
                                                                                                                                                              					_t85 = _v32.LowPart;
                                                                                                                                                              					_t66 = _v28;
                                                                                                                                                              					asm("sbb ecx, ebx");
                                                                                                                                                              					if(0x7bd05af6 < _t85) {
                                                                                                                                                              						_t52 =  *0xaec6a8; // 0x20b4a9
                                                                                                                                                              						_t71 =  *0xaec6ac; // 0x0
                                                                                                                                                              						_v48 = _t52;
                                                                                                                                                              						_v44 = _t71;
                                                                                                                                                              						_t53 = E0082CEE0(_t85, _t66, _t52, _t71);
                                                                                                                                                              						_v56 = _t79;
                                                                                                                                                              						_v68 = _t53;
                                                                                                                                                              						_v52 = _t53 * _v64;
                                                                                                                                                              						 *_t90 = _v56 * 0xf4240;
                                                                                                                                                              						_t85 = _t85 - _v52;
                                                                                                                                                              						asm("sbb ebx, eax");
                                                                                                                                                              						_t58 = _v68;
                                                                                                                                                              						_v68 = _t58 * 0xf4240;
                                                                                                                                                              						 *_t90 = (_t58 * 0xf4240 >> 0x20) +  *_t90;
                                                                                                                                                              						_t79 = (_t85 * 0xf4240 >> 0x20) + _t66 * 0xf4240;
                                                                                                                                                              						_t63 = E0082CEE0(_t85 * 0xf4240, _t79, _v64, _v60) + _v84;
                                                                                                                                                              						asm("adc edx, [esp]");
                                                                                                                                                              					} else {
                                                                                                                                                              						_t79 = _t85 * 0xf4240 >> 0x20;
                                                                                                                                                              						_t63 = E0082CEE0(_t85 * 0xf4240, _t66 * 0xf4240 + _t79,  *0xaec6a8,  *0xaec6ac);
                                                                                                                                                              					}
                                                                                                                                                              					 *_t86 = _t63;
                                                                                                                                                              					 *(_t86 + 4) = _t79;
                                                                                                                                                              				}
                                                                                                                                                              				L0082CC31(_v24 ^ _t87, _t79, _t85, _t86);
                                                                                                                                                              				return _t86;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 00406A2B
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406A68
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406AA6
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406B09
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
                                                                                                                                                              • String ID: '@@
                                                                                                                                                              • API String ID: 374826692-1155958754
                                                                                                                                                              • Opcode ID: e2b68c1fa9039cac407b1a9828737b5082339694c5bcfa2748df3130830c019d
                                                                                                                                                              • Instruction ID: ac37eef619dc196b4e01dc5147f5d4ef846fbf80cf8e56c39cbb6847d882bfe0
                                                                                                                                                              • Opcode Fuzzy Hash: e2b68c1fa9039cac407b1a9828737b5082339694c5bcfa2748df3130830c019d
                                                                                                                                                              • Instruction Fuzzy Hash: C6318FB0604300AFC708EF58D98592FBBE9EBC8350F00883EF989D73A1D73499459B52
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E008597B2(void* __ecx, signed int* _a4, intOrPtr _a8) {
                                                                                                                                                              				WCHAR* _v8;
                                                                                                                                                              				signed int _t11;
                                                                                                                                                              				WCHAR* _t12;
                                                                                                                                                              				struct HINSTANCE__* _t16;
                                                                                                                                                              				struct HINSTANCE__* _t18;
                                                                                                                                                              				signed int* _t22;
                                                                                                                                                              				signed int* _t26;
                                                                                                                                                              				struct HINSTANCE__* _t29;
                                                                                                                                                              				WCHAR* _t31;
                                                                                                                                                              				void* _t32;
                                                                                                                                                              
                                                                                                                                                              				_t26 = _a4;
                                                                                                                                                              				while(_t26 != _a8) {
                                                                                                                                                              					_t11 =  *_t26;
                                                                                                                                                              					_t22 = 0xaf225c + _t11 * 4;
                                                                                                                                                              					_t29 =  *_t22;
                                                                                                                                                              					if(_t29 == 0) {
                                                                                                                                                              						_t12 =  *(0xace840 + _t11 * 4);
                                                                                                                                                              						_v8 = _t12;
                                                                                                                                                              						_t29 = LoadLibraryExW(_t12, 0, 0x800);
                                                                                                                                                              						if(_t29 != 0) {
                                                                                                                                                              							L13:
                                                                                                                                                              							 *_t22 = _t29;
                                                                                                                                                              							if( *_t22 != 0) {
                                                                                                                                                              								FreeLibrary(_t29);
                                                                                                                                                              							}
                                                                                                                                                              							L15:
                                                                                                                                                              							_t16 = _t29;
                                                                                                                                                              							L12:
                                                                                                                                                              							return _t16;
                                                                                                                                                              						}
                                                                                                                                                              						_t18 = GetLastError();
                                                                                                                                                              						if(_t18 != 0x57) {
                                                                                                                                                              							L8:
                                                                                                                                                              							 *_t22 = _t18 | 0xffffffff;
                                                                                                                                                              							L9:
                                                                                                                                                              							_t26 =  &(_t26[1]);
                                                                                                                                                              							continue;
                                                                                                                                                              						}
                                                                                                                                                              						_t31 = _v8;
                                                                                                                                                              						_t18 = E00849323(_t31, L"api-ms-", 7);
                                                                                                                                                              						_t32 = _t32 + 0xc;
                                                                                                                                                              						if(_t18 == 0) {
                                                                                                                                                              							goto L8;
                                                                                                                                                              						}
                                                                                                                                                              						_t18 = LoadLibraryExW(_t31, 0, 0);
                                                                                                                                                              						_t29 = _t18;
                                                                                                                                                              						if(_t29 != 0) {
                                                                                                                                                              							goto L13;
                                                                                                                                                              						}
                                                                                                                                                              						goto L8;
                                                                                                                                                              					}
                                                                                                                                                              					if(_t29 != 0xffffffff) {
                                                                                                                                                              						goto L15;
                                                                                                                                                              					}
                                                                                                                                                              					goto L9;
                                                                                                                                                              				}
                                                                                                                                                              				_t16 = 0;
                                                                                                                                                              				goto L12;
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00859873,?,?,?,00000000,?,0085970C,00000002,FlsGetValue,00ACE85C,00ACE864,00000000), ref: 00859842
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                              • API String ID: 3664257935-2084034818
                                                                                                                                                              • Opcode ID: a70236297b7d266f5256325192fd75092c4fd94da76a75e04593b1268a19f1a7
                                                                                                                                                              • Instruction ID: 353f8e44eb374c47f2082cc19fa84298bcfeaa8df4aca1e0ebaa61d2bda29c08
                                                                                                                                                              • Opcode Fuzzy Hash: a70236297b7d266f5256325192fd75092c4fd94da76a75e04593b1268a19f1a7
                                                                                                                                                              • Instruction Fuzzy Hash: 6811CA31A41225E7DF228FA89C44B5937A8FF06772F150131ED94EB2C0E660ED05C7D5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 25%
                                                                                                                                                              			E0083ADD3(void* __ecx, intOrPtr _a4) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				_Unknown_base(*)()* _t8;
                                                                                                                                                              				_Unknown_base(*)()* _t14;
                                                                                                                                                              
                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                              				_t8 =  &_v8;
                                                                                                                                                              				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
                                                                                                                                                              				if(_t8 != 0) {
                                                                                                                                                              					_t8 = GetProcAddress(_v8, "CorExitProcess");
                                                                                                                                                              					_t14 = _t8;
                                                                                                                                                              					if(_t14 != 0) {
                                                                                                                                                              						 *0xaf3000(_a4);
                                                                                                                                                              						_t8 =  *_t14();
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				if(_v8 != 0) {
                                                                                                                                                              					return FreeLibrary(_v8);
                                                                                                                                                              				}
                                                                                                                                                              				return _t8;
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0083AE5D,00841BB8,?,0083AEDE,0083F839,?,00841BB8), ref: 0083ADE8
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0083ADFB
                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,0083AE5D,00841BB8,?,0083AEDE,0083F839,?,00841BB8), ref: 0083AE1E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                              • Opcode ID: 2af16f2f5e4926d0b86c0fc694ea2f207584c4a4736e09668ad12189bc219653
                                                                                                                                                              • Instruction ID: 1ab6b6c1b40921584fcc8bf12456edf9855b92fecac61e1767e83fa02ef75872
                                                                                                                                                              • Opcode Fuzzy Hash: 2af16f2f5e4926d0b86c0fc694ea2f207584c4a4736e09668ad12189bc219653
                                                                                                                                                              • Instruction Fuzzy Hash: 37F08C31640219FBDB15DB90DC0AF9EBAA8FB40756F050164B405E61A0CB758E01EBA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0084E42E(intOrPtr* _a4) {
                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                              				void* _t23;
                                                                                                                                                              				void* _t24;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              				void* _t26;
                                                                                                                                                              				void* _t27;
                                                                                                                                                              
                                                                                                                                                              				_t21 = _a4;
                                                                                                                                                              				if(_t21 != 0) {
                                                                                                                                                              					_t23 =  *_t21 -  *0xae9a40; // 0xae9a94
                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                              						E0084ACBE(_t7);
                                                                                                                                                              					}
                                                                                                                                                              					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0xae9a44; // 0xaf1c98
                                                                                                                                                              					if(_t24 != 0) {
                                                                                                                                                              						E0084ACBE(_t8);
                                                                                                                                                              					}
                                                                                                                                                              					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0xae9a48; // 0xaf1c98
                                                                                                                                                              					if(_t25 != 0) {
                                                                                                                                                              						E0084ACBE(_t9);
                                                                                                                                                              					}
                                                                                                                                                              					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0xae9a70; // 0xae9a98
                                                                                                                                                              					if(_t26 != 0) {
                                                                                                                                                              						E0084ACBE(_t10);
                                                                                                                                                              					}
                                                                                                                                                              					_t6 =  *((intOrPtr*)(_t21 + 0x34));
                                                                                                                                                              					_t27 = _t6 -  *0xae9a74; // 0xaf1c9c
                                                                                                                                                              					if(_t27 != 0) {
                                                                                                                                                              						return E0084ACBE(_t6);
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				return _t6;
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              • _free.LIBCMT ref: 0084E446
                                                                                                                                                                • Part of subcall function 0084ACBE: HeapFree.KERNEL32(00000000,00000000,?,0084E8A5,?,00000000,?,?,?,0084E534,?,00000007,?,?,0084EE60,?), ref: 0084ACD4
                                                                                                                                                                • Part of subcall function 0084ACBE: GetLastError.KERNEL32(?,?,0084E8A5,?,00000000,?,?,?,0084E534,?,00000007,?,?,0084EE60,?,?), ref: 0084ACE6
                                                                                                                                                              • _free.LIBCMT ref: 0084E458
                                                                                                                                                              • _free.LIBCMT ref: 0084E46A
                                                                                                                                                              • _free.LIBCMT ref: 0084E47C
                                                                                                                                                              • _free.LIBCMT ref: 0084E48E
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                              • Opcode ID: 3387b333ff038a80e47ede18e1534908e5b5b829f3c2e69261c3561abbb49c7a
                                                                                                                                                              • Instruction ID: ed09db4154c29c1aec0f11cef30e78ee450f4a14fcaeee5fa4d700b82c5c65b3
                                                                                                                                                              • Opcode Fuzzy Hash: 3387b333ff038a80e47ede18e1534908e5b5b829f3c2e69261c3561abbb49c7a
                                                                                                                                                              • Instruction Fuzzy Hash: CAF04F32540658A78668EBA8F6C2C5677D9FF007507644809F419DFA01C631FD82875A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                                              			E004073A0(intOrPtr* _a4) {
                                                                                                                                                              				void* _v16;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				union _LARGE_INTEGER _v32;
                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                              				signed int _v52;
                                                                                                                                                              				signed int _v56;
                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                              				signed int _v64;
                                                                                                                                                              				signed int _v68;
                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t43;
                                                                                                                                                              				intOrPtr _t48;
                                                                                                                                                              				signed int _t49;
                                                                                                                                                              				signed int _t54;
                                                                                                                                                              				intOrPtr _t59;
                                                                                                                                                              				signed int _t64;
                                                                                                                                                              				intOrPtr _t67;
                                                                                                                                                              				signed int _t77;
                                                                                                                                                              				signed int _t83;
                                                                                                                                                              				signed int _t84;
                                                                                                                                                              				intOrPtr* _t85;
                                                                                                                                                              				signed int _t86;
                                                                                                                                                              				signed int _t87;
                                                                                                                                                              				signed int* _t89;
                                                                                                                                                              
                                                                                                                                                              				_t89 = (_t87 & 0xfffffff8) - 0x28;
                                                                                                                                                              				_t43 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              				_t85 = _a4;
                                                                                                                                                              				_v24 = _t43 ^ _t86;
                                                                                                                                                              				_v28 = 0;
                                                                                                                                                              				_v32.LowPart = 0;
                                                                                                                                                              				QueryPerformanceCounter( &_v32);
                                                                                                                                                              				_t84 = _v32.LowPart;
                                                                                                                                                              				_t64 = _v28;
                                                                                                                                                              				asm("sbb ecx, ebx");
                                                                                                                                                              				if(0x7bd05af6 < _t84) {
                                                                                                                                                              					_t48 =  *0xaec6a8; // 0x20b4a9
                                                                                                                                                              					_t67 =  *0xaec6ac; // 0x0
                                                                                                                                                              					_v48 = _t48;
                                                                                                                                                              					_v44 = _t67;
                                                                                                                                                              					_t49 = E0082CEE0(_t84, _t64, _t48, _t67);
                                                                                                                                                              					_v56 = _t77;
                                                                                                                                                              					_v68 = _t49;
                                                                                                                                                              					_v52 = _t49 * _v64;
                                                                                                                                                              					 *_t89 = _v56 * 0xf4240;
                                                                                                                                                              					_t84 = _t84 - _v52;
                                                                                                                                                              					asm("sbb ebx, eax");
                                                                                                                                                              					_t54 = _v68;
                                                                                                                                                              					_v68 = _t54 * 0xf4240;
                                                                                                                                                              					 *_t89 = (_t54 * 0xf4240 >> 0x20) +  *_t89;
                                                                                                                                                              					_t83 = (_t84 * 0xf4240 >> 0x20) + _t64 * 0xf4240;
                                                                                                                                                              					_t59 = E0082CEE0(_t84 * 0xf4240, _t83, _v64, _v60) + _v84;
                                                                                                                                                              					asm("adc edx, [esp]");
                                                                                                                                                              				} else {
                                                                                                                                                              					_t83 = _t84 * 0xf4240 >> 0x20;
                                                                                                                                                              					_t59 = E0082CEE0(_t84 * 0xf4240, _t64 * 0xf4240 + _t83,  *0xaec6a8,  *0xaec6ac);
                                                                                                                                                              				}
                                                                                                                                                              				 *_t85 = _t59;
                                                                                                                                                              				 *(_t85 + 4) = _t83;
                                                                                                                                                              				L0082CC31(_v24 ^ _t86, _t83, _t84, _t85);
                                                                                                                                                              				return _t85;
                                                                                                                                                              			}


                                                                                                                                                              APIs
                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 004073CF
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0040740C
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00407442
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004074A5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 374826692-0
                                                                                                                                                              • Opcode ID: 7b3fde0d1cd87d9107f60ffcd3f60a762df3ba88e0ef2abcc878e545a57be24c
                                                                                                                                                              • Instruction ID: 1eb08fa483cfcffa750ceb48aa13b834320dbe897f4bd79c625b925b8ac35ceb
                                                                                                                                                              • Opcode Fuzzy Hash: 7b3fde0d1cd87d9107f60ffcd3f60a762df3ba88e0ef2abcc878e545a57be24c
                                                                                                                                                              • Instruction Fuzzy Hash: 06314DB5608305AFC708DF58E98592FFBE9EBC8750F00892EB985C7361D734A8459B52
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 42%
                                                                                                                                                              			E003F2700(void* __ebx, signed int* __ecx, signed int* _a4) {
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				char _v2069;
                                                                                                                                                              				char _v2072;
                                                                                                                                                              				long _v2076;
                                                                                                                                                              				long _v2092;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				long _t53;
                                                                                                                                                              				intOrPtr _t54;
                                                                                                                                                              				signed int _t57;
                                                                                                                                                              				signed char _t58;
                                                                                                                                                              				signed int _t59;
                                                                                                                                                              				signed int _t60;
                                                                                                                                                              				long _t62;
                                                                                                                                                              				void* _t63;
                                                                                                                                                              				void* _t64;
                                                                                                                                                              				intOrPtr _t65;
                                                                                                                                                              				signed int _t73;
                                                                                                                                                              				intOrPtr _t74;
                                                                                                                                                              				signed int _t84;
                                                                                                                                                              				signed int _t93;
                                                                                                                                                              				intOrPtr _t95;
                                                                                                                                                              				signed int _t100;
                                                                                                                                                              				signed int _t105;
                                                                                                                                                              				signed int* _t108;
                                                                                                                                                              				signed int _t109;
                                                                                                                                                              				signed int _t118;
                                                                                                                                                              				intOrPtr _t121;
                                                                                                                                                              				intOrPtr _t122;
                                                                                                                                                              				signed int* _t130;
                                                                                                                                                              				signed int* _t131;
                                                                                                                                                              				signed int _t133;
                                                                                                                                                              				signed int _t137;
                                                                                                                                                              				signed int _t139;
                                                                                                                                                              				void* _t140;
                                                                                                                                                              				void* _t141;
                                                                                                                                                              
                                                                                                                                                              				_t53 =  *0xae82a0; // 0x22
                                                                                                                                                              				_t130 = __ecx;
                                                                                                                                                              				if(_t53 == 0xffffffff || (TlsGetValue(_t53) & 0x00000003) == 0) {
                                                                                                                                                              					L16();
                                                                                                                                                              				}
                                                                                                                                                              				_t105 =  *0xaee0a8; // 0x0
                                                                                                                                                              				_t117 =  *[fs:0x2c];
                                                                                                                                                              				_t54 =  *0xaec5e0; // 0x8000000a
                                                                                                                                                              				if(_t54 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t105 * 4)) + 0x18))) {
                                                                                                                                                              					E0082CC77(_t54, 0xaec5e0);
                                                                                                                                                              					_t139 = _t139 + 4;
                                                                                                                                                              					if( *0xaec5e0 == 0xffffffff) {
                                                                                                                                                              						_push(4);
                                                                                                                                                              						_t95 = E0082CB74();
                                                                                                                                                              						E00397A30(_t95);
                                                                                                                                                              						 *0xaec5dc = _t95;
                                                                                                                                                              						E0082CCED(0xaec5e0);
                                                                                                                                                              						_t139 = _t139 + 8;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_t121 =  *0xaec5dc; // 0x52fe1b8
                                                                                                                                                              				L00403A10(_t121, _t117);
                                                                                                                                                              				_t57 =  *0xaeb9d8; // 0x17
                                                                                                                                                              				_t108 = 0x100;
                                                                                                                                                              				_t58 = _t57 + 1;
                                                                                                                                                              				while(1) {
                                                                                                                                                              					_t118 = _t58 & 0x000000ff;
                                                                                                                                                              					_t100 = _t118 + _t118 * 2;
                                                                                                                                                              					if( *((intOrPtr*)(0xaeb9dc + _t100 * 4)) == 0) {
                                                                                                                                                              						_t108 = _a4;
                                                                                                                                                              						 *0xaeb9d8 = _t118;
                                                                                                                                                              						 *((intOrPtr*)(0xaeb9dc + _t100 * 4)) = 1;
                                                                                                                                                              						_t93 = _t118 * 4;
                                                                                                                                                              						 *(_t93 + 0xaeb9e0 + _t93 * 2) = _t108;
                                                                                                                                                              						 *_t130 = _t118;
                                                                                                                                                              						_t18 = _t93 * 2; // 0x0
                                                                                                                                                              						_t130[1] =  *(_t93 + _t18 + 0xaeb9e4);
                                                                                                                                                              						break;
                                                                                                                                                              					}
                                                                                                                                                              					_t58 = _t58 + 1;
                                                                                                                                                              					_t108 = _t108 - 1;
                                                                                                                                                              					if(_t108 != 0) {
                                                                                                                                                              						continue;
                                                                                                                                                              					} else {
                                                                                                                                                              					}
                                                                                                                                                              					break;
                                                                                                                                                              				}
                                                                                                                                                              				__imp__ReleaseSRWLockExclusive(_t121);
                                                                                                                                                              				_t59 =  *_t130;
                                                                                                                                                              				if(_t59 == 0xffffffff) {
                                                                                                                                                              					asm("int3");
                                                                                                                                                              					asm("ud2");
                                                                                                                                                              					goto L15;
                                                                                                                                                              				} else {
                                                                                                                                                              					if(_t59 >= 0x100) {
                                                                                                                                                              						L15:
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						asm("ud2");
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						_t137 = _t139;
                                                                                                                                                              						_push(_t100);
                                                                                                                                                              						_push(_t121);
                                                                                                                                                              						_push(_t130);
                                                                                                                                                              						_t140 = _t139 - 0x808;
                                                                                                                                                              						_t60 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              						_v40 = _t60 ^ _t137;
                                                                                                                                                              						_t62 =  *0xae82a0; // 0x22
                                                                                                                                                              						_v2092 = _t62;
                                                                                                                                                              						if(_t62 == 0xffffffff) {
                                                                                                                                                              							_t130 =  &_v2076;
                                                                                                                                                              							_t63 = E00501500(_t130);
                                                                                                                                                              							_t140 = _t140 + 4;
                                                                                                                                                              							if(_t63 == 0) {
                                                                                                                                                              								goto L24;
                                                                                                                                                              							} else {
                                                                                                                                                              								_t108 = _v2076;
                                                                                                                                                              								if(_t108 == 0xffffffff) {
                                                                                                                                                              									goto L25;
                                                                                                                                                              								} else {
                                                                                                                                                              									goto L21;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							L17:
                                                                                                                                                              							if((TlsGetValue(_t62) & 0x00000003) != 0) {
                                                                                                                                                              								asm("int3");
                                                                                                                                                              								asm("ud2");
                                                                                                                                                              								L24:
                                                                                                                                                              								asm("int3");
                                                                                                                                                              								asm("ud2");
                                                                                                                                                              								L25:
                                                                                                                                                              								_t64 = E00501500(_t130);
                                                                                                                                                              								_t141 = _t140 + 4;
                                                                                                                                                              								if(_t64 == 0 || _v2076 == 0xffffffff) {
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("ud2");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									_push(_t137);
                                                                                                                                                              									_push(_t121);
                                                                                                                                                              									_push(_t130);
                                                                                                                                                              									_t131 = _t108;
                                                                                                                                                              									_t109 =  *0xaee0a8; // 0x0
                                                                                                                                                              									_t119 =  *[fs:0x2c];
                                                                                                                                                              									_t65 =  *0xaec5e0; // 0x8000000a
                                                                                                                                                              									if(_t65 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t109 * 4)) + 0x18))) {
                                                                                                                                                              										E0082CC77(_t65, 0xaec5e0);
                                                                                                                                                              										if( *0xaec5e0 == 0xffffffff) {
                                                                                                                                                              											_push(4);
                                                                                                                                                              											_t74 = E0082CB74();
                                                                                                                                                              											E00397A30(_t74);
                                                                                                                                                              											 *0xaec5dc = _t74;
                                                                                                                                                              											E0082CCED(0xaec5e0);
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              									_t122 =  *0xaec5dc; // 0x52fe1b8
                                                                                                                                                              									L00403A10(_t122, _t119);
                                                                                                                                                              									 *((intOrPtr*)(0xaeb9dc + ( *_t131 +  *_t131 * 2) * 4)) = 0;
                                                                                                                                                              									 *((intOrPtr*)(0xaeb9e0 + ( *_t131 +  *_t131 * 2) * 4)) = 0;
                                                                                                                                                              									_t73 =  *_t131 +  *_t131 * 2;
                                                                                                                                                              									 *((intOrPtr*)(0xaeb9e4 + _t73 * 4)) =  *((intOrPtr*)(0xaeb9e4 + _t73 * 4)) + 1;
                                                                                                                                                              									__imp__ReleaseSRWLockExclusive(_t122);
                                                                                                                                                              									 *_t131 = 0xffffffff;
                                                                                                                                                              									return _t73;
                                                                                                                                                              								} else {
                                                                                                                                                              									E00501520(0xffffffff);
                                                                                                                                                              									_t140 = _t141 + 4;
                                                                                                                                                              									_t108 = _v2076;
                                                                                                                                                              									L21:
                                                                                                                                                              									asm("lock cmpxchg [0xae82a0], ecx");
                                                                                                                                                              									_t62 = _v2076;
                                                                                                                                                              									if(0xffffffffffffffff != 0) {
                                                                                                                                                              										E00501520(_t62);
                                                                                                                                                              										_t140 = _t140 + 4;
                                                                                                                                                              										_t62 =  *0xae82a0; // 0x22
                                                                                                                                                              										_v2076 = _t62;
                                                                                                                                                              									}
                                                                                                                                                              									goto L17;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								E00830E60(0x800,  &_v2072, 0, 0x800);
                                                                                                                                                              								E00501530(_v2076,  &_v2069);
                                                                                                                                                              								_push(0x800); // executed
                                                                                                                                                              								_t84 = E0082CC23(); // executed
                                                                                                                                                              								_t133 = _t84;
                                                                                                                                                              								E00830360(_t84,  &_v2072, 0x800);
                                                                                                                                                              								E00501530(_v2076, _t133 | 0x00000003);
                                                                                                                                                              								L0082CC31(_v24 ^ _t137, _t118, 0x800, _t133);
                                                                                                                                                              								return _t133;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						return _t59;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}

                                                                                                                                                              0x003f28fd
                                                                                                                                                              0x003f2900
                                                                                                                                                              0x003f2905
                                                                                                                                                              0x003f2905
                                                                                                                                                              0x00000000
                                                                                                                                                              0x003f28f1
                                                                                                                                                              0x003f2855
                                                                                                                                                              0x003f2864
                                                                                                                                                              0x003f2879
                                                                                                                                                              0x003f2881
                                                                                                                                                              0x003f2882
                                                                                                                                                              0x003f288a
                                                                                                                                                              0x003f288f
                                                                                                                                                              0x003f28a3
                                                                                                                                                              0x003f28b0
                                                                                                                                                              0x003f28c1
                                                                                                                                                              0x003f28c1
                                                                                                                                                              0x003f284f
                                                                                                                                                              0x003f27b7
                                                                                                                                                              0x003f27bb
                                                                                                                                                              0x003f27bb
                                                                                                                                                              0x003f27b5

                                                                                                                                                              APIs
                                                                                                                                                              • TlsGetValue.KERNEL32(00000022,00AEE1F0,?,-00000020,?,003F2A8C,00507B90,00000000,?,00507B90,00508030,?,000000FF,?,00505498,?), ref: 003F2717
                                                                                                                                                              • ReleaseSRWLockExclusive.KERNEL32(052FE1B8,00508030,?,000000FF,?,00505498,?,?,?,?,?,?,-00000001,7FFFFFFF,-00000001), ref: 003F27A3
                                                                                                                                                              • __Init_thread_header.LIBCMT ref: 003F27CD
                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 003F2800
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExclusiveInit_thread_footerInit_thread_headerLockReleaseValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1098889277-0
                                                                                                                                                              • Opcode ID: b925bb53e57a0765ef773fccc485803422ccd8fc5f9ff2cc1d21a025b08675d4
                                                                                                                                                              • Instruction ID: b54dce4398b399e2cf7add3913572cacc32f28aa8e948c1de24f2c21541bbe69
                                                                                                                                                              • Opcode Fuzzy Hash: b925bb53e57a0765ef773fccc485803422ccd8fc5f9ff2cc1d21a025b08675d4
                                                                                                                                                              • Instruction Fuzzy Hash: EF21D370500248DFD626DF59E8C9A3B37A5FB85360F10052AE715CB3A2E73468478B62
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                              			E003C90A0() {
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				intOrPtr* _t13;
                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                              				intOrPtr _t16;
                                                                                                                                                              				intOrPtr _t17;
                                                                                                                                                              				intOrPtr _t19;
                                                                                                                                                              				signed int _t24;
                                                                                                                                                              				signed int _t27;
                                                                                                                                                              				intOrPtr _t28;
                                                                                                                                                              				intOrPtr _t32;
                                                                                                                                                              				void* _t33;
                                                                                                                                                              
                                                                                                                                                              				_t13 =  &_v28;
                                                                                                                                                              				 *((intOrPtr*)(_t13 - 4)) = _t32;
                                                                                                                                                              				 *((intOrPtr*)(_t13 + 8)) = 0xffffffff;
                                                                                                                                                              				 *((intOrPtr*)(_t13 + 4)) = 0x3cdcd0;
                                                                                                                                                              				 *_t13 =  *[fs:0x0];
                                                                                                                                                              				 *[fs:0x0] = _t13;
                                                                                                                                                              				_t24 =  *0xaee0a8; // 0x0
                                                                                                                                                              				_t14 =  *0xaeb1f0; // 0x80000004
                                                                                                                                                              				if(_t14 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t24 * 4)) + 0x18))) {
                                                                                                                                                              					E0082CC77(_t14, 0xaeb1f0);
                                                                                                                                                              					_t33 = _t32 + 4;
                                                                                                                                                              					__eflags =  *0xaeb1f0 - 0xffffffff;
                                                                                                                                                              					if( *0xaeb1f0 == 0xffffffff) {
                                                                                                                                                              						_t27 =  *0xaee0a8; // 0x0
                                                                                                                                                              						_t17 =  *0xaeb1e4; // 0x80000003
                                                                                                                                                              						_t28 =  *((intOrPtr*)( *[fs:0x2c] + _t27 * 4));
                                                                                                                                                              						__eflags = _t17 -  *((intOrPtr*)(_t28 + 0x18));
                                                                                                                                                              						if(_t17 >  *((intOrPtr*)(_t28 + 0x18))) {
                                                                                                                                                              							E0082CC77(_t17, 0xaeb1e4);
                                                                                                                                                              							_t33 = _t33 + 4;
                                                                                                                                                              							__eflags =  *0xaeb1e4 - 0xffffffff;
                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                              								_v20 = 0;
                                                                                                                                                              								L003C70A0(0xaeb7f0, __eflags, 1);
                                                                                                                                                              								 *0xaeb1dc = 0xaeb7f0;
                                                                                                                                                              								 *0xaeb1e0 = 0xaeb1dc;
                                                                                                                                                              								E0082CCED(0xaeb1e4);
                                                                                                                                                              								_t33 = _t33 + 4;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_t19 =  *0xaeb1dc; // 0xaeb7f0
                                                                                                                                                              						 *0xaeb1e8 = _t19;
                                                                                                                                                              						asm("lock inc dword [eax+0x4]");
                                                                                                                                                              						 *0xaeb1ec = 0xaeb1e8;
                                                                                                                                                              						E0082CCED(0xaeb1f0);
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              				_t16 =  *0xaeb1ec; // 0xaeb1e8
                                                                                                                                                              				 *[fs:0x0] = _v28;
                                                                                                                                                              				return _t16;
                                                                                                                                                              			}
















                                                                                                                                                              APIs
                                                                                                                                                              • __Init_thread_header.LIBCMT ref: 003C9105
                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 003C9150
                                                                                                                                                              • __Init_thread_header.LIBCMT ref: 003C915F
                                                                                                                                                                • Part of subcall function 0082CC77: EnterCriticalSection.KERNEL32(00AEE088,?,?,?,0050554D,00AEE1C4,-00000001,004041F3,00A5A19B,?,?,004041F3), ref: 0082CC82
                                                                                                                                                                • Part of subcall function 0082CC77: LeaveCriticalSection.KERNEL32(00AEE088,?,0050554D,00AEE1C4,-00000001,004041F3,00A5A19B,?,?,004041F3,?,?,?,?,?,-00000001), ref: 0082CCBF
                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 003C919C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              • Associated: 00000012.00000002.355492153.00000000001F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.356609412.000000000085C000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357664212.0000000000ABA000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357766040.0000000000AE7000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357802707.0000000000AF0000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357817162.0000000000AF4000.00000020.00000001.01000000.00000017.sdmp
                                                                                                                                                              • Associated: 00000012.00000002.357832496.0000000000AF9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalInit_thread_footerInit_thread_headerSection$EnterLeave
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2234156424-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E0082CD37(long _a4) {
                                                                                                                                                              				long _t3;
                                                                                                                                                              				intOrPtr* _t7;
                                                                                                                                                              
                                                                                                                                                              				_t7 =  *0xaee0a0;
                                                                                                                                                              				if(_t7 == 0) {
                                                                                                                                                              					LeaveCriticalSection(0xaee088);
                                                                                                                                                              					_t3 = WaitForSingleObjectEx( *0xaee084, _a4, 0);
                                                                                                                                                              					EnterCriticalSection(0xaee088);
                                                                                                                                                              					return _t3;
                                                                                                                                                              				}
                                                                                                                                                              				 *0xaf3000(0xaee080, 0xaee088, _a4);
                                                                                                                                                              				return  *_t7();
                                                                                                                                                              			}






                                                                                                                                                              APIs
                                                                                                                                                              • SleepConditionVariableCS.KERNELBASE(?,0082CC9C,00000064), ref: 0082CD5A
                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00AEE088,?,?,0082CC9C,00000064,?,0050554D,00AEE1C4,-00000001,004041F3,00A5A19B,?,?,004041F3), ref: 0082CD64
                                                                                                                                                              • WaitForSingleObjectEx.KERNEL32(?,00000000,?,0082CC9C,00000064,?,0050554D,00AEE1C4,-00000001,004041F3,00A5A19B,?,?,004041F3), ref: 0082CD75
                                                                                                                                                              • EnterCriticalSection.KERNEL32(00AEE088,?,0082CC9C,00000064,?,0050554D,00AEE1C4,-00000001,004041F3,00A5A19B,?,?,004041F3), ref: 0082CD7C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3269011525-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E003810E0(intOrPtr* __ecx, void* __edi, char _a4) {
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				char _v20;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t14;
                                                                                                                                                              				intOrPtr* _t20;
                                                                                                                                                              				intOrPtr* _t22;
                                                                                                                                                              				signed int _t23;
                                                                                                                                                              
                                                                                                                                                              				_t22 = __ecx;
                                                                                                                                                              				_t14 =  *0xae93a0; // 0xe041a7c9
                                                                                                                                                              				_t1 =  &_a4; // 0x3ce634
                                                                                                                                                              				_v12 = _t14 ^ _t23;
                                                                                                                                                              				 *__ecx = 0xa02438;
                                                                                                                                                              				 *((intOrPtr*)(__ecx + 8)) = 0;
                                                                                                                                                              				 *((intOrPtr*)(__ecx + 4)) = 0;
                                                                                                                                                              				_t20 =  &_v20;
                                                                                                                                                              				 *_t20 =  *_t1;
                                                                                                                                                              				 *((char*)(_t20 + 4)) = 1;
                                                                                                                                                              				E0082EEE4(_t20, __ecx + 4);
                                                                                                                                                              				 *_t22 = 0xa04e2c;
                                                                                                                                                              				_t8 =  &_v12; // 0x3ce634
                                                                                                                                                              				L0082CC31( *_t8 ^ _t23, _t20, __edi, _t22);
                                                                                                                                                              				return _t22;
                                                                                                                                                              			}











                                                                                                                                                              APIs
                                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00381113
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___std_exception_copy
                                                                                                                                                              • String ID: 4<qRP$4<qRP
                                                                                                                                                              • API String ID: 2659868963-3201259051
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 00505C95
                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00505CA1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000012.00000002.355504827.00000000001F1000.00000020.00000001.01000000.00000017.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_18_2_1f0000_chromedriver.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                                              • String ID: GetHandleVerifier
                                                                                                                                                              • API String ID: 1646373207-1090674830
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%