Windows Analysis Report
ITC590-Script 2 V1-2024.exe

Overview

General Information

Sample name: ITC590-Script 2 V1-2024.exe
Analysis ID: 1522421
MD5: 4ac074744836b3742200b03807655bd9
SHA1: cec4e3902cab847249ca4e63750f8bbfdb503165
SHA256: 918bf06d20f2240938fc8a940a4b019cc573cee762ee169ce3e2fba155d5796b
Tags: exe user-Dyrockful

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found pyInstaller with non standard icon
Uses cmd line tools excessively to alter registry or file data
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses reg.exe to modify the Windows registry

Classification

  • System is w10x64
  • ITC590-Script 2 V1-2024.exe (PID: 6280 cmdline: "C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe" MD5: 4AC074744836B3742200B03807655BD9)
    • ITC590-Script 2 V1-2024.exe (PID: 6536 cmdline: "C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe" MD5: 4AC074744836B3742200B03807655BD9)
      • cmd.exe (PID: 6464 cmdline: C:\Windows\system32\cmd.exe /c reg add "HKCU\Software\TestSoftware" /v TestValue /d "Test Data" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • reg.exe (PID: 480 cmdline: reg add "HKCU\Software\TestSoftware" /v TestValue /d "Test Data" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
      • cmd.exe (PID: 4108 cmdline: C:\Windows\system32\cmd.exe /c reg add "HKCU\Software\TestSoftware" /v TestValue /d "Modified Data-ITC590 2024" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • reg.exe (PID: 6128 cmdline: reg add "HKCU\Software\TestSoftware" /v TestValue /d "Modified Data-ITC590 2024" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: ITC590-Script 2 V1-2024.exe, ReversingLabs: Detection: 20%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 96.5% probability
Source: ITC590-Script 2 V1-2024.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1666680527.000001AF92AC0000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: python312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1666826205.000001AF92AC0000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662611257.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662707659.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662707659.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662362599.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662247077.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662247077.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662811507.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe, Code function: 0_2_00007FF726E083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF726E083C0
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe, Code function: 0_2_00007FF726E09280 FindFirstFileExW,FindClose,0_2_00007FF726E09280
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe, Code function: 0_2_00007FF726E21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF726E21874
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe, Code function: 1_2_00007FF726E09280 FindFirstFileExW,FindClose,1_2_00007FF726E09280
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe, Code function: 1_2_00007FF726E21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF726E21874
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe, Code function: 1_2_00007FF726E083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF726E083C0
Source: ITC590-Script 2 V1-2024.exe, 00000001.00000002.1677118965.000002302FB10000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
Source: python312.dll.0.drString found in binary or memory: https://peps.python.org/pep-0263/
Source: libcrypto-3.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: python312.dll.0.drString found in binary or memory: https://www.python.org/psf/license/
Source: python312.dll.0.drString found in binary or memory: https://www.python.org/psf/license/)
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: String function: 00007FF726E02910 appears 34 times
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: String function: 00007FF726E02710 appears 104 times
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1666680527.000001AF92AC0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs ITC590-Script 2 V1-2024.exe
Source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662707659.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs ITC590-Script 2 V1-2024.exe
Source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662247077.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs ITC590-Script 2 V1-2024.exe
Source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662468968.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs ITC590-Script 2 V1-2024.exe
Source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662611257.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs ITC590-Script 2 V1-2024.exe
Source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1666826205.000001AF92AC0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs ITC590-Script 2 V1-2024.exe
Source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662362599.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs ITC590-Script 2 V1-2024.exe
Source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662811507.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs ITC590-Script 2 V1-2024.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKCU\Software\TestSoftware" /v TestValue /d "Test Data" /f
Source: classification engine Classification label: mal60.winEXE@13/11@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3752:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6588:120:WilError_03
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802
Source: ITC590-Script 2 V1-2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: ITC590-Script 2 V1-2024.exe ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File read: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
Source: unknown Process created: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe "C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe"
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Process created: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe "C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe"
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c reg add "HKCU\Software\TestSoftware" /v TestValue /d "Test Data" /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKCU\Software\TestSoftware" /v TestValue /d "Test Data" /f
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c reg add "HKCU\Software\TestSoftware" /v TestValue /d "Modified Data-ITC590 2024" /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKCU\Software\TestSoftware" /v TestValue /d "Modified Data-ITC590 2024" /f
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Section loaded: vcruntime140.dll
Source: ITC590-Script 2 V1-2024.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: ITC590-Script 2 V1-2024.exe Static file information: File size 7246596 > 1048576
Source: ITC590-Script 2 V1-2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: ITC590-Script 2 V1-2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: ITC590-Script 2 V1-2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: ITC590-Script 2 V1-2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: ITC590-Script 2 V1-2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: ITC590-Script 2 V1-2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: ITC590-Script 2 V1-2024.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1666680527.000001AF92AC0000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: python312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1666826205.000001AF92AC0000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662611257.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662707659.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662707659.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662362599.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662247077.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662247077.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: ITC590-Script 2 V1-2024.exe, 00000000.00000003.1662811507.000001AF92ABF000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: ITC590-Script 2 V1-2024.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: ITC590-Script 2 V1-2024.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: ITC590-Script 2 V1-2024.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: ITC590-Script 2 V1-2024.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: ITC590-Script 2 V1-2024.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
Source: python312.dll.0.dr Static PE information: section name: PyRuntim

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Process created: "C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe"
Source: C:\Windows\System32\cmd.exe Process created: reg.exe
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802\libcrypto-3.dll
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802\python312.dll
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802\_lzma.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802\_socket.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802\_hashlib.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802\_bz2.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802\unicodedata.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802\select.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62802\_decimal.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E05830 GetProcAddress,GetLastError (this pair repeats throughout the listed calls)
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62802\python312.dll
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62802\libcrypto-3.dll
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62802\_lzma.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62802\_socket.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62802\_hashlib.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62802\_bz2.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62802\unicodedata.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62802\select.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62802\_decimal.pyd
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-18086
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe API coverage: 6.4 %
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E09280 FindFirstFileExW,FindClose
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 1_2_00007FF726E09280 FindFirstFileExW,FindClose
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 1_2_00007FF726E21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 1_2_00007FF726E083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E1A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E23480 GetProcessHeap
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E0C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E0D30C SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 1_2_00007FF726E0C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 1_2_00007FF726E1A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 1_2_00007FF726E0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 1_2_00007FF726E0D30C SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exeCode function: 0_2_00007FF726E29570 cpuid 0_2_00007FF726E29570
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62802\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Queries volume information: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe VolumeInformation
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62802 VolumeInformation
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E0D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF726E0D010
Source: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe Code function: 0_2_00007FF726E25E7C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF726E25E7C
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Modify Registry | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Behavior Graph (ID: 1522421, Sample: ITC590-Script 2 V1-2024.exe, Startdate: 30/09/2024, Architecture: WINDOWS, Score: 60): ITC590-Script 2 V1-2024.exe drops C:\Users\user\AppData\...\unicodedata.pyd, C:\Users\user\AppData\Local\...\select.pyd, C:\Users\user\AppData\Local\...\python312.dll (all PE32+) and 7 other files (none is malicious), then starts a second ITC590-Script 2 V1-2024.exe process. That process starts two cmd.exe processes, each of which starts conhost.exe and reg.exe. Signatures on the sample: Multi AV Scanner detection for submitted file; AI detected suspicious sample; Found pyInstaller with non standard icon. Signature on cmd.exe: Uses cmd line tools excessively to alter registry or file data.

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| ITC590-Script 2 V1-2024.exe | 21% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI62802\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI62802\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI62802\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI62802\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI62802\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI62802\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI62802\libcrypto-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI62802\python312.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI62802\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI62802\unicodedata.pyd | 0% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://www.openssl.org/H | 0% | URL Reputation | safe | |

No contacted domains info
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1522421
Start date and time: 2024-09-30 01:55:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ITC590-Script 2 V1-2024.exe
Detection: MAL
Classification: mal60.winEXE@13/11@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 99%
  • Number of executed functions: 60
  • Number of non-executed functions: 130
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: ITC590-Script 2 V1-2024.exe
No simulations
No context
| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI62802\_bz2.pyd | mfsH98ISNV.exe | malicious | Unknown |
| | file.exe | malicious | Xmrig |
| | Dkqewub8RE.exe | malicious | Unknown |
| | Dkqewub8RE.exe | malicious | Unknown |
| | file.exe | malicious | Unknown |
| | file.exe | malicious | Unknown |
| | file.exe | malicious | Xmrig |
| | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer |
| | DoomRat.exe | malicious | Unknown |
| | qIhikjYFSs.exe | malicious | Unknown |
| C:\Users\user\AppData\Local\Temp\_MEI62802\VCRUNTIME140.dll | SecuriteInfo.com.Win64.Evo-gen.1493.31362.exe | malicious | Python Stealer, Discord Token Stealer |
| | HyZh4pn0RF.exe | malicious | Creal Stealer |
| | file.exe | malicious | Blank Grabber |
| | mfsH98ISNV.exe | malicious | Unknown |
| | file.exe | malicious | Xmrig |
| | Dkqewub8RE.exe | malicious | Unknown |
| | Dkqewub8RE.exe | malicious | Unknown |
| | file.exe | malicious | Unknown |
| | file.exe | malicious | Unknown |
| | file.exe | malicious | Xmrig |
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):119192
                                                                                Entropy (8bit):6.6016214745004635
                                                                                Encrypted:false
                                                                                SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Joe Sandbox View:
                                                                                • Filename: SecuriteInfo.com.Win64.Evo-gen.1493.31362.exe, Detection: malicious, Browse
                                                                                • Filename: HyZh4pn0RF.exe, Detection: malicious, Browse
                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                • Filename: mfsH98ISNV.exe, Detection: malicious, Browse
                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                • Filename: Dkqewub8RE.exe, Detection: malicious, Browse
                                                                                • Filename: Dkqewub8RE.exe, Detection: malicious, Browse
                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                Reputation:moderate, very likely benign file
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):85272
                                                                                Entropy (8bit):6.591457260071925
                                                                                Encrypted:false
                                                                                SSDEEP:1536:+yhz79151BVo1vXfzIFnaR4bO1AsCn8Bsjk+tI1CVQ7Sy4x+R:Nhzx15evXkuxAB8BMk+tI1CVQF
                                                                                MD5:DD26ED92888DE9C57660A7AD631BB916
                                                                                SHA1:77D479D44D9E04F0A1355569332233459B69A154
                                                                                SHA-256:324268786921EC940CBD4B5E2F71DAFD08E578A12E373A715658527E5B211697
                                                                                SHA-512:D693367565005C1B87823E781DC5925146512182C8D8A3A2201E712C88DF1C0E66E65ECAEC9AF22037F0A8F8B3FB3F511EA47CFD5774651D71673FAB612D2897
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Joe Sandbox View:
                                                                                • Filename: mfsH98ISNV.exe, Detection: malicious
                                                                                • Filename: file.exe, Detection: malicious
                                                                                • Filename: Dkqewub8RE.exe, Detection: malicious
                                                                                • Filename: Dkqewub8RE.exe, Detection: malicious
                                                                                • Filename: file.exe, Detection: malicious
                                                                                • Filename: file.exe, Detection: malicious
                                                                                • Filename: file.exe, Detection: malicious
                                                                                • Filename: file.exe, Detection: malicious
                                                                                • Filename: DoomRat.exe, Detection: malicious
                                                                                • Filename: qIhikjYFSs.exe, Detection: malicious
                                                                                Reputation:moderate, very likely benign file
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):257304
                                                                                Entropy (8bit):6.565090204799859
                                                                                Encrypted:false
                                                                                SSDEEP:6144:3uQjqbJrTwvqM+eYx+lDJOAkl9qWM53pLW1AcfRRR6tlISgOg:3sTwvWeS+xJw4ln7g
                                                                                MD5:CEA3B419C7CA87140A157629C6DBD299
                                                                                SHA1:7DBFF775235B1937B150AE70302B3208833DC9BE
                                                                                SHA-256:95B9850E6FB335B235589DD1348E007507C6B28E332C9ABB111F2A0035C358E5
                                                                                SHA-512:6E3A6781C0F05BB5182073CCA1E69B6DF55F05FF7CDCEA394BACF50F88605E2241B7387F1D8BA9F40A96832D04F55EDB80003F0CF1E537A26F99408EE9312F5B
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):66328
                                                                                Entropy (8bit):6.227566291152438
                                                                                Encrypted:false
                                                                                SSDEEP:1536:/9gLpgE4Z27ARZWZnEmoAlI1OIH7SyT0xq:26RZeEmoAlI1OIHth
                                                                                MD5:D19CB5CA144AE1FD29B6395B0225CF40
                                                                                SHA1:5B9EC6E656261CE179DFCFD5C6A3CFE07C2DFEB4
                                                                                SHA-256:F95EC2562A3C70FB1A6E44D72F4223CE3C7A0F0038159D09DCE629F59591D5AA
                                                                                SHA-512:9AC3A8A4DBDB09BE3760E7CCB11269F82A47B24C03D10D289BCDDED9A43E57D3CD656F8D060D66B810382ECAC3A62F101F83EA626B58CD0B5A3CCA25B67B1519
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):160024
                                                                                Entropy (8bit):6.85368707809341
                                                                                Encrypted:false
                                                                                SSDEEP:3072:lsvkxujgo7e2uONOG+hi+C8znfF9mNooXnmbutI1Z1mb:lnu0o7JUrNYOo2Kz
                                                                                MD5:8CFBAFE65D6E38DDE8E2E8006B66BB3E
                                                                                SHA1:CB63ADDD102E47C777D55753C00C29C547E2243C
                                                                                SHA-256:6D548DB0AB73291F82CF0F4CA9EC0C81460185319C8965E829FAEACAE19444FF
                                                                                SHA-512:FA021615D5C080AADCD5B84FD221900054EB763A7AF8638F70CF6CD49BD92773074F1AC6884F3CE1D8A15D59439F554381377FAEE4842ED5BEB13FF3E1B510F4
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):83736
                                                                                Entropy (8bit):6.31969940395018
                                                                                Encrypted:false
                                                                                SSDEEP:1536:COYhekrkJqlerLSyypHi9/s+S+pzjii/n1IsJqKNBI1Lw9PD7Sy9duxJ:jwkJqHyypHi9/sT+pzjiE1IwdNBI1LwU
                                                                                MD5:E43AED7D6A8BCD9DDFC59C2D1A2C4B02
                                                                                SHA1:36F367F68FB9868412246725B604B27B5019D747
                                                                                SHA-256:2C2A6A6BA360E38F0C2B5A53B4626F833A3111844D95615EBF35BE0E76B1EF7A
                                                                                SHA-512:D92E26EB88DB891DE389A464F850A8DA0A39AF8A4D86D9894768CB97182B8351817CE14FE1EB8301B18B80D1D5D8876A48BA66EB7B874C7C3D7B009FCDBC8C4E
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                Category:dropped
                                                                                Size (bytes):1332769
                                                                                Entropy (8bit):5.586560217717372
                                                                                Encrypted:false
                                                                                SSDEEP:12288:VHlJGUqQlLmgBvc+fYNXPh26UZWAzyX7j7YQqPQCxi2hdmSPpHg1d6R1RbtRwv6:VHlJGUDa+zy/7UlZhdmSPNaQHtRwv6
                                                                                MD5:48BA559BF70C3EF963F86633530667D6
                                                                                SHA1:E3319E3A70590767AD00290230D77158F8F8307E
                                                                                SHA-256:F8377AA03B7036E7735E2814452C1759AB7CEEC3F8F8A202B697B4132809CE5E
                                                                                SHA-512:567A7BEF4A7C7FF0890708C0E62D2AF748B645C8B9071953873B0DD5AA789C42796860896A6B5E539651DE9A2243338E2A5FB47743C30DFCDE59B1787C4C1871
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):5191960
                                                                                Entropy (8bit):5.962142634441191
                                                                                Encrypted:false
                                                                                SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):6927640
                                                                                Entropy (8bit):5.765554952149868
                                                                                Encrypted:false
                                                                                SSDEEP:49152:Jc7/HNCHh0IWiUDFsx3hghs7g6kIPuch+Xe16/02yWYqiVx7qb4f4wmC36nhIVcF:JcBZhxsje2kUvid5E+vbHDMiEr/l9o
                                                                                MD5:CAE8FA4E7CB32DA83ACF655C2C39D9E1
                                                                                SHA1:7A0055588A2D232BE8C56791642CB0F5ABBC71F8
                                                                                SHA-256:8AD53C67C2B4DB4387D5F72EE2A3CA80C40AF444B22BF41A6CFDA2225A27BB93
                                                                                SHA-512:DB2190DA2C35BCEED0EF91D7553FF0DEA442286490145C3D0E89DB59BA1299B0851E601CC324B5F7FD026414FC73755E8EFF2EF5FB5EEB1C54A9E13E7C66DD0C
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):31000
                                                                                Entropy (8bit):6.553885009751671
                                                                                Encrypted:false
                                                                                SSDEEP:384:I8RVBC9t6Lhz64SHfZslDT90YBI1QGjHQIYiSy1pCQQRaAM+o/8E9VF0NytuSS:1GyqHfK1HBI1QGT5YiSyvXAMxkEm
                                                                                MD5:79CE1AE3A23DFF6ED5FC66E6416600CD
                                                                                SHA1:6204374D99144B0A26FD1D61940FF4F0D17C2212
                                                                                SHA-256:678E09AD44BE42FA9BC9C7A18C25DBE995A59B6C36A13EECC09C0F02A647B6F0
                                                                                SHA-512:A4E48696788798A7D061C0EF620D40187850741C2BEC357DB0E37A2DD94D3A50F9F55BA75DC4D95E50946CBAB78B84BA1FC42D51FD498640A231321566613DAA
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):1138456
                                                                                Entropy (8bit):5.461877321211646
                                                                                Encrypted:false
                                                                                SSDEEP:12288:FrEHdcM6hb/CjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAa1:FrEXaCjfk7bPNfv42BN6yzUAa1
                                                                                MD5:B848E259FABAF32B4B3C980A0A12488D
                                                                                SHA1:DA2E864E18521C86C7D8968DB74BB2B28E4C23E2
                                                                                SHA-256:C65073B65F107E471C9BE3C699FB11F774E9A07581F41229582F7B2154B6FC3C
                                                                                SHA-512:4C6953504D1401FE0C74435BCEEBC5EC7BF8991FD42B659867A3529CEE5CC64DA54F1AB404E88160E747887A7409098F1A85A546BC40F12F0DDE0025408F9E27
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                Entropy (8bit):7.980422460909289
                                                                                TrID:
                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                File name:ITC590-Script 2 V1-2024.exe
                                                                                File size:7'246'596 bytes
                                                                                MD5:4ac074744836b3742200b03807655bd9
                                                                                SHA1:cec4e3902cab847249ca4e63750f8bbfdb503165
                                                                                SHA256:918bf06d20f2240938fc8a940a4b019cc573cee762ee169ce3e2fba155d5796b
                                                                                SHA512:4a7ebc80561c97fb408c24a21eade3ac709e8380ef4690ce7ab3430cc5dde6de258e016ad612090cfcc04fdd8d81c3e36019e90d179a2a3b31759bf56c77606d
                                                                                SSDEEP:196608:yvV2NBKA1HeT39Iig5Tet4Q4G/NsINyzWWAMYI93:SV2fj1+TtIiOS1NsIkzWWAcx
                                                                                TLSH:43763359B2E14DFAEDB39639C6E54216A7A13C86A360C19F13F812360F336C29D7B750
                                                                                Icon Hash:2b2d343939c92431
                                                                                Entrypoint:0x14000cdb0
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x140000000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                Time Stamp:0x66C463EC [Tue Aug 20 09:37:48 2024 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:6
                                                                                OS Version Minor:0
                                                                                File Version Major:6
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:6
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca5c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x10e34 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2250 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x58000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f00 | 0x2a000 | a6c3b829cc8eaabb1a474c227e90407f | False | 0.5514206659226191 | data | 6.487493643901088 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a50 | 0x12c00 | bffd9f49d5d096dff157f032d3af66a3 | False | 0.52453125 | data | 5.75278310668163 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2250 | 0x2400 | 181312260a85d10a1454ba38901c499b | False | 0.4705946180555556 | data | 5.290347578351011 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0x10e34 | 0x11000 | ac076882ea9b4e7ec4bad463ce707931 | False | 0.279541015625 | data | 3.5945574543114382 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x58000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x470e8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2443 x 2443 px/m | | | 0.27518336685200523
RT_GROUP_ICON | 0x57910 | 0x14 | data | | | 1.15
RT_MANIFEST | 0x57924 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
                                                                                No network behavior found


                                                                                Target ID:0
                                                                                Start time:19:55:56
                                                                                Start date:29/09/2024
                                                                                Path:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe"
                                                                                Imagebase:0x7ff726e00000
                                                                                File size:7'246'596 bytes
                                                                                MD5 hash:4AC074744836B3742200B03807655BD9
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:1
                                                                                Start time:19:55:57
                                                                                Start date:29/09/2024
                                                                                Path:C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe"
                                                                                Imagebase:0x7ff726e00000
                                                                                File size:7'246'596 bytes
                                                                                MD5 hash:4AC074744836B3742200B03807655BD9
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:2
                                                                                Start time:19:55:57
                                                                                Start date:29/09/2024
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\cmd.exe /c reg add "HKCU\Software\TestSoftware" /v TestValue /d "Test Data" /f
                                                                                Imagebase:0x7ff613450000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:3
                                                                                Start time:19:55:57
                                                                                Start date:29/09/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff7699e0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:4
                                                                                Start time:19:55:57
                                                                                Start date:29/09/2024
                                                                                Path:C:\Windows\System32\reg.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:reg add "HKCU\Software\TestSoftware" /v TestValue /d "Test Data" /f
                                                                                Imagebase:0x7ff6c0520000
                                                                                File size:77'312 bytes
                                                                                MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate
                                                                                Has exited:true

                                                                                Target ID:5
                                                                                Start time:19:55:57
                                                                                Start date:29/09/2024
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\cmd.exe /c reg add "HKCU\Software\TestSoftware" /v TestValue /d "Modified Data-ITC590 2024" /f
                                                                                Imagebase:0x7ff613450000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:6
                                                                                Start time:19:55:57
                                                                                Start date:29/09/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff7699e0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:7
                                                                                Start time:19:55:57
                                                                                Start date:29/09/2024
                                                                                Path:C:\Windows\System32\reg.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:reg add "HKCU\Software\TestSoftware" /v TestValue /d "Modified Data-ITC590 2024" /f
                                                                                Imagebase:0x7ff6c0520000
                                                                                File size:77'312 bytes
                                                                                MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate
                                                                                Has exited:true

                                                                                  Execution Graph

                                                                                  Execution Coverage:9.4%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:17%
                                                                                  Total number of Nodes:2000
                                                                                  Total number of Limit Nodes:34
17124 7ff726e0d256 __GetCurrentState 17123->17124 17124->16949 17126 7ff726e0d89a 17125->17126 17127 7ff726e0d890 17125->17127 17126->16967 17131 7ff726e0dc24 17127->17131 17132 7ff726e0d895 17131->17132 17133 7ff726e0dc33 17131->17133 17135 7ff726e0dc90 17132->17135 17139 7ff726e0de60 17133->17139 17136 7ff726e0dcbb 17135->17136 17137 7ff726e0dc9e DeleteCriticalSection 17136->17137 17138 7ff726e0dcbf 17136->17138 17137->17136 17138->17126 17143 7ff726e0dcc8 17139->17143 17148 7ff726e0dd0c __vcrt_FlsAlloc 17143->17148 17150 7ff726e0ddb2 TlsFree 17143->17150 17144 7ff726e0dd3a LoadLibraryExW 17146 7ff726e0ddd9 17144->17146 17147 7ff726e0dd5b GetLastError 17144->17147 17145 7ff726e0ddf9 GetProcAddress 17145->17150 17146->17145 17149 7ff726e0ddf0 FreeLibrary 17146->17149 17147->17148 17148->17144 17148->17145 17148->17150 17151 7ff726e0dd7d LoadLibraryExW 17148->17151 17149->17145 17151->17146 17151->17148 17155 7ff726e1f480 17152->17155 17153 7ff726e1f4d3 17154 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17153->17154 17156 7ff726e1f4fc 17154->17156 17155->17153 17157 7ff726e1f526 17155->17157 17156->16976 17462 7ff726e1f358 17157->17462 17470 7ff726e0c850 17159->17470 17162 7ff726e03710 17472 7ff726e09280 FindFirstFileExW 17162->17472 17163 7ff726e036eb GetLastError 17477 7ff726e02c50 17163->17477 17167 7ff726e03723 17492 7ff726e09300 CreateFileW 17167->17492 17168 7ff726e0377d 17503 7ff726e09440 17168->17503 17170 7ff726e0c550 _log10_special 8 API calls 17172 7ff726e037b5 17170->17172 17172->17106 17181 7ff726e01950 17172->17181 17174 7ff726e0378b 17177 7ff726e02810 49 API calls 17174->17177 17179 7ff726e03706 17174->17179 17175 7ff726e03734 17495 7ff726e02810 17175->17495 17176 7ff726e0374c __vcrt_FlsAlloc 17176->17168 17177->17179 17179->17170 17182 7ff726e045c0 108 API calls 17181->17182 17183 7ff726e01985 17182->17183 17184 7ff726e01c43 17183->17184 17186 7ff726e07f90 83 API calls 17183->17186 17185 7ff726e0c550 _log10_special 8 API calls 17184->17185 
17187 7ff726e01c5e 17185->17187 17188 7ff726e019cb 17186->17188 17187->16982 17187->16983 17230 7ff726e01a03 17188->17230 17848 7ff726e106d4 17188->17848 17190 7ff726e1004c 74 API calls 17190->17184 17191 7ff726e019e5 17192 7ff726e019e9 17191->17192 17193 7ff726e01a08 17191->17193 17194 7ff726e14f08 _get_daylight 11 API calls 17192->17194 17852 7ff726e1039c 17193->17852 17196 7ff726e019ee 17194->17196 17855 7ff726e02910 17196->17855 17199 7ff726e01a26 17201 7ff726e14f08 _get_daylight 11 API calls 17199->17201 17200 7ff726e01a45 17204 7ff726e01a5c 17200->17204 17205 7ff726e01a7b 17200->17205 17202 7ff726e01a2b 17201->17202 17203 7ff726e02910 54 API calls 17202->17203 17203->17230 17206 7ff726e14f08 _get_daylight 11 API calls 17204->17206 17207 7ff726e01c80 49 API calls 17205->17207 17208 7ff726e01a61 17206->17208 17209 7ff726e01a92 17207->17209 17210 7ff726e02910 54 API calls 17208->17210 17211 7ff726e01c80 49 API calls 17209->17211 17210->17230 17212 7ff726e01add 17211->17212 17213 7ff726e106d4 73 API calls 17212->17213 17214 7ff726e01b01 17213->17214 17215 7ff726e01b16 17214->17215 17216 7ff726e01b35 17214->17216 17218 7ff726e14f08 _get_daylight 11 API calls 17215->17218 17217 7ff726e1039c _fread_nolock 53 API calls 17216->17217 17219 7ff726e01b4a 17217->17219 17220 7ff726e01b1b 17218->17220 17222 7ff726e01b50 17219->17222 17223 7ff726e01b6f 17219->17223 17221 7ff726e02910 54 API calls 17220->17221 17221->17230 17224 7ff726e14f08 _get_daylight 11 API calls 17222->17224 17870 7ff726e10110 17223->17870 17226 7ff726e01b55 17224->17226 17228 7ff726e02910 54 API calls 17226->17228 17228->17230 17229 7ff726e02710 54 API calls 17229->17230 17230->17190 17232 7ff726e0883a 17231->17232 17233 7ff726e09390 2 API calls 17232->17233 17234 7ff726e08859 GetEnvironmentVariableW 17233->17234 17235 7ff726e088c2 17234->17235 17236 7ff726e08876 ExpandEnvironmentStringsW 17234->17236 17238 7ff726e0c550 _log10_special 8 API calls 17235->17238 17236->17235 17237 7ff726e08898 
17236->17237 17239 7ff726e09440 2 API calls 17237->17239 17240 7ff726e088d4 17238->17240 17241 7ff726e088aa 17239->17241 17240->16992 17242 7ff726e0c550 _log10_special 8 API calls 17241->17242 17243 7ff726e088ba 17242->17243 17243->16992 17245 7ff726e090f5 17244->17245 18085 7ff726e08570 GetCurrentProcess OpenProcessToken 17245->18085 17248 7ff726e08570 7 API calls 17249 7ff726e09121 17248->17249 17250 7ff726e0913a 17249->17250 17251 7ff726e09154 17249->17251 17252 7ff726e026b0 48 API calls 17250->17252 17253 7ff726e026b0 48 API calls 17251->17253 17254 7ff726e09152 17252->17254 17255 7ff726e09167 LocalFree LocalFree 17253->17255 17254->17255 17256 7ff726e09183 17255->17256 17259 7ff726e0918f 17255->17259 18095 7ff726e02b50 17256->18095 17258 7ff726e0c550 _log10_special 8 API calls 17260 7ff726e03c55 17258->17260 17259->17258 17260->17037 17261 7ff726e08660 17260->17261 17262 7ff726e08678 17261->17262 17263 7ff726e086fa GetTempPathW GetCurrentProcessId 17262->17263 17264 7ff726e0869c 17262->17264 18104 7ff726e025c0 17263->18104 17266 7ff726e08830 14 API calls 17264->17266 17267 7ff726e086a8 17266->17267 18111 7ff726e081d0 17267->18111 17271 7ff726e086e8 __std_exception_destroy 17279 7ff726e087d4 __std_exception_destroy 17271->17279 17274 7ff726e08728 __std_exception_destroy 17281 7ff726e08765 __std_exception_destroy 17274->17281 18108 7ff726e18b68 17274->18108 17280 7ff726e0c550 _log10_special 8 API calls 17279->17280 17282 7ff726e03cbb 17280->17282 17281->17279 17286 7ff726e09390 2 API calls 17281->17286 17282->17037 17282->17049 17287 7ff726e087b1 17286->17287 17288 7ff726e087e9 17287->17288 17289 7ff726e087b6 17287->17289 17291 7ff726e18238 38 API calls 17288->17291 17290 7ff726e09390 2 API calls 17289->17290 17292 7ff726e087c6 17290->17292 17291->17279 17293 7ff726e18238 38 API calls 17292->17293 17293->17279 17295 7ff726e093b2 MultiByteToWideChar 17294->17295 17296 7ff726e093d6 17294->17296 17295->17296 17298 7ff726e093ec __std_exception_destroy 17295->17298 
17297 7ff726e093f3 MultiByteToWideChar 17296->17297 17296->17298 17297->17298 17298->17051 17310 7ff726e033ce __scrt_get_show_window_mode 17299->17310 17300 7ff726e0c550 _log10_special 8 API calls 17302 7ff726e03664 17300->17302 17301 7ff726e035c7 17301->17300 17302->17106 17318 7ff726e090c0 LocalFree 17302->17318 17304 7ff726e01c80 49 API calls 17304->17310 17305 7ff726e035e2 17307 7ff726e02710 54 API calls 17305->17307 17307->17301 17309 7ff726e035c9 17313 7ff726e02710 54 API calls 17309->17313 17310->17301 17310->17304 17310->17305 17310->17309 17312 7ff726e02a50 54 API calls 17310->17312 17316 7ff726e035d0 17310->17316 18300 7ff726e04560 17310->18300 18306 7ff726e07e20 17310->18306 18318 7ff726e01600 17310->18318 18366 7ff726e07120 17310->18366 18370 7ff726e04190 17310->18370 18414 7ff726e04450 17310->18414 17312->17310 17313->17301 17317 7ff726e02710 54 API calls 17316->17317 17317->17301 17320 7ff726e01ca5 17319->17320 17321 7ff726e14984 49 API calls 17320->17321 17322 7ff726e01cc8 17321->17322 17322->16987 17324 7ff726e09390 2 API calls 17323->17324 17325 7ff726e089b4 17324->17325 17326 7ff726e18238 38 API calls 17325->17326 17327 7ff726e089c6 __std_exception_destroy 17326->17327 17327->17001 17329 7ff726e045cc 17328->17329 17330 7ff726e09390 2 API calls 17329->17330 17331 7ff726e045f4 17330->17331 17332 7ff726e09390 2 API calls 17331->17332 17333 7ff726e04607 17332->17333 18581 7ff726e15f94 17333->18581 17336 7ff726e0c550 _log10_special 8 API calls 17337 7ff726e0392b 17336->17337 17337->16990 17338 7ff726e07f90 17337->17338 17339 7ff726e07fb4 17338->17339 17340 7ff726e106d4 73 API calls 17339->17340 17345 7ff726e0808b __std_exception_destroy 17339->17345 17341 7ff726e07fd0 17340->17341 17341->17345 18972 7ff726e178c8 17341->18972 17343 7ff726e106d4 73 API calls 17346 7ff726e07fe5 17343->17346 17344 7ff726e1039c _fread_nolock 53 API calls 17344->17346 17345->16994 17346->17343 17346->17344 17346->17345 17348 7ff726e1007c 17347->17348 18987 7ff726e0fe28 
17348->18987 17350 7ff726e10095 17350->16990 17352 7ff726e0c850 17351->17352 17353 7ff726e02734 GetCurrentProcessId 17352->17353 17354 7ff726e01c80 49 API calls 17353->17354 17355 7ff726e02787 17354->17355 17356 7ff726e14984 49 API calls 17355->17356 17357 7ff726e027cf 17356->17357 17358 7ff726e02620 12 API calls 17357->17358 17359 7ff726e027f1 17358->17359 17360 7ff726e0c550 _log10_special 8 API calls 17359->17360 17361 7ff726e02801 17360->17361 17361->17106 17363 7ff726e09390 2 API calls 17362->17363 17364 7ff726e0895c 17363->17364 17365 7ff726e09390 2 API calls 17364->17365 17366 7ff726e0896c 17365->17366 17367 7ff726e18238 38 API calls 17366->17367 17368 7ff726e0897a __std_exception_destroy 17367->17368 17368->17004 17370 7ff726e01c80 49 API calls 17369->17370 17371 7ff726e044fd 17370->17371 17371->17031 17373 7ff726e01c80 49 API calls 17372->17373 17374 7ff726e04660 17373->17374 17374->17049 17376 7ff726e06dd5 17375->17376 17377 7ff726e03e64 17376->17377 17378 7ff726e14f08 _get_daylight 11 API calls 17376->17378 17381 7ff726e07340 17377->17381 17379 7ff726e06de2 17378->17379 17380 7ff726e02910 54 API calls 17379->17380 17380->17377 18998 7ff726e01470 17381->18998 17383 7ff726e07368 17384 7ff726e04630 49 API calls 17383->17384 17394 7ff726e074b9 __std_exception_destroy 17383->17394 17385 7ff726e0738a 17384->17385 17386 7ff726e0738f 17385->17386 17387 7ff726e04630 49 API calls 17385->17387 17394->17083 19104 7ff726e06360 17449->19104 17457 7ff726e03399 17458 7ff726e03670 17457->17458 17460 7ff726e0367e 17458->17460 17459 7ff726e0368f 17459->17075 17460->17459 19377 7ff726e08e60 FreeLibrary 17460->19377 17469 7ff726e1546c EnterCriticalSection 17462->17469 17471 7ff726e036bc GetModuleFileNameW 17470->17471 17471->17162 17471->17163 17473 7ff726e092bf FindClose 17472->17473 17474 7ff726e092d2 17472->17474 17473->17474 17475 7ff726e0c550 _log10_special 8 API calls 17474->17475 17476 7ff726e0371a 17475->17476 17476->17167 17476->17168 17478 7ff726e0c850 17477->17478 
17479 7ff726e02c70 GetCurrentProcessId 17478->17479 17508 7ff726e026b0 17479->17508 17481 7ff726e02cb9 17512 7ff726e14bd8 17481->17512 17484 7ff726e026b0 48 API calls 17485 7ff726e02d34 FormatMessageW 17484->17485 17487 7ff726e02d7f MessageBoxW 17485->17487 17488 7ff726e02d6d 17485->17488 17490 7ff726e0c550 _log10_special 8 API calls 17487->17490 17489 7ff726e026b0 48 API calls 17488->17489 17489->17487 17491 7ff726e02daf 17490->17491 17491->17179 17493 7ff726e03730 17492->17493 17494 7ff726e09340 GetFinalPathNameByHandleW CloseHandle 17492->17494 17493->17175 17493->17176 17494->17493 17496 7ff726e02834 17495->17496 17497 7ff726e026b0 48 API calls 17496->17497 17498 7ff726e02887 17497->17498 17499 7ff726e14bd8 48 API calls 17498->17499 17500 7ff726e028d0 MessageBoxW 17499->17500 17501 7ff726e0c550 _log10_special 8 API calls 17500->17501 17502 7ff726e02900 17501->17502 17502->17179 17504 7ff726e0946a WideCharToMultiByte 17503->17504 17505 7ff726e09495 17503->17505 17504->17505 17507 7ff726e094ab __std_exception_destroy 17504->17507 17506 7ff726e094b2 WideCharToMultiByte 17505->17506 17505->17507 17506->17507 17507->17174 17509 7ff726e026d5 17508->17509 17510 7ff726e14bd8 48 API calls 17509->17510 17511 7ff726e026f8 17510->17511 17511->17481 17515 7ff726e14c32 17512->17515 17513 7ff726e14c57 17514 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17513->17514 17518 7ff726e14c81 17514->17518 17515->17513 17516 7ff726e14c93 17515->17516 17530 7ff726e12f90 17516->17530 17520 7ff726e0c550 _log10_special 8 API calls 17518->17520 17519 7ff726e14d74 17521 7ff726e1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17519->17521 17522 7ff726e02d04 17520->17522 17521->17518 17522->17484 17524 7ff726e14d49 17527 7ff726e1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17524->17527 17525 7ff726e14d9a 17525->17519 17526 7ff726e14da4 17525->17526 17529 7ff726e1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17526->17529 
17527->17518 17528 7ff726e14d40 17528->17519 17528->17524 17529->17518 17531 7ff726e12fce 17530->17531 17532 7ff726e12fbe 17530->17532 17533 7ff726e12fd7 17531->17533 17538 7ff726e13005 17531->17538 17534 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17532->17534 17535 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17533->17535 17536 7ff726e12ffd 17534->17536 17535->17536 17536->17519 17536->17524 17536->17525 17536->17528 17538->17532 17538->17536 17541 7ff726e139a4 17538->17541 17574 7ff726e133f0 17538->17574 17611 7ff726e12b80 17538->17611 17542 7ff726e13a57 17541->17542 17543 7ff726e139e6 17541->17543 17546 7ff726e13a5c 17542->17546 17547 7ff726e13ab0 17542->17547 17544 7ff726e139ec 17543->17544 17545 7ff726e13a81 17543->17545 17550 7ff726e13a20 17544->17550 17551 7ff726e139f1 17544->17551 17634 7ff726e11d54 17545->17634 17548 7ff726e13a5e 17546->17548 17549 7ff726e13a91 17546->17549 17553 7ff726e13ac7 17547->17553 17554 7ff726e13aba 17547->17554 17558 7ff726e13abf 17547->17558 17552 7ff726e13a00 17548->17552 17561 7ff726e13a6d 17548->17561 17641 7ff726e11944 17549->17641 17556 7ff726e139f7 17550->17556 17550->17558 17551->17553 17551->17556 17572 7ff726e13af0 17552->17572 17614 7ff726e14158 17552->17614 17648 7ff726e146ac 17553->17648 17554->17545 17554->17558 17556->17552 17562 7ff726e13a32 17556->17562 17569 7ff726e13a1b 17556->17569 17558->17572 17652 7ff726e12164 17558->17652 17561->17545 17564 7ff726e13a72 17561->17564 17562->17572 17624 7ff726e14494 17562->17624 17564->17572 17630 7ff726e14558 17564->17630 17566 7ff726e0c550 _log10_special 8 API calls 17568 7ff726e13dea 17566->17568 17568->17538 17569->17572 17573 7ff726e13cdc 17569->17573 17659 7ff726e147c0 17569->17659 17572->17566 17573->17572 17665 7ff726e1ea08 17573->17665 17575 7ff726e133fe 17574->17575 17576 7ff726e13414 17574->17576 17577 7ff726e13a57 17575->17577 17578 7ff726e139e6 17575->17578 17580 7ff726e13454 17575->17580 17579 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 
17576->17579 17576->17580 17583 7ff726e13a5c 17577->17583 17584 7ff726e13ab0 17577->17584 17581 7ff726e139ec 17578->17581 17582 7ff726e13a81 17578->17582 17579->17580 17580->17538 17587 7ff726e13a20 17581->17587 17588 7ff726e139f1 17581->17588 17592 7ff726e11d54 38 API calls 17582->17592 17585 7ff726e13a5e 17583->17585 17586 7ff726e13a91 17583->17586 17590 7ff726e13ac7 17584->17590 17591 7ff726e13aba 17584->17591 17596 7ff726e13abf 17584->17596 17589 7ff726e13a00 17585->17589 17598 7ff726e13a6d 17585->17598 17594 7ff726e11944 38 API calls 17586->17594 17593 7ff726e139f7 17587->17593 17587->17596 17588->17590 17588->17593 17595 7ff726e14158 47 API calls 17589->17595 17609 7ff726e13af0 17589->17609 17597 7ff726e146ac 45 API calls 17590->17597 17591->17582 17591->17596 17608 7ff726e13a1b 17592->17608 17593->17589 17599 7ff726e13a32 17593->17599 17593->17608 17594->17608 17595->17608 17600 7ff726e12164 38 API calls 17596->17600 17596->17609 17597->17608 17598->17582 17601 7ff726e13a72 17598->17601 17602 7ff726e14494 46 API calls 17599->17602 17599->17609 17600->17608 17604 7ff726e14558 37 API calls 17601->17604 17601->17609 17602->17608 17603 7ff726e0c550 _log10_special 8 API calls 17605 7ff726e13dea 17603->17605 17604->17608 17605->17538 17606 7ff726e147c0 45 API calls 17610 7ff726e13cdc 17606->17610 17607 7ff726e1ea08 46 API calls 17607->17610 17608->17606 17608->17609 17608->17610 17609->17603 17610->17607 17610->17609 17831 7ff726e10fc8 17611->17831 17615 7ff726e1417e 17614->17615 17677 7ff726e10b80 17615->17677 17620 7ff726e142c3 17622 7ff726e147c0 45 API calls 17620->17622 17623 7ff726e14351 17620->17623 17621 7ff726e147c0 45 API calls 17621->17620 17622->17623 17623->17569 17626 7ff726e144c9 17624->17626 17625 7ff726e1450e 17625->17569 17626->17625 17627 7ff726e144e7 17626->17627 17628 7ff726e147c0 45 API calls 17626->17628 17629 7ff726e1ea08 46 API calls 17627->17629 17628->17627 17629->17625 17633 7ff726e14579 17630->17633 17631 7ff726e1a814 
_invalid_parameter_noinfo 37 API calls 17632 7ff726e145aa 17631->17632 17632->17569 17633->17631 17633->17632 17636 7ff726e11d87 17634->17636 17635 7ff726e11db6 17640 7ff726e11df3 17635->17640 17804 7ff726e10c28 17635->17804 17636->17635 17638 7ff726e11e73 17636->17638 17639 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17638->17639 17639->17640 17640->17569 17642 7ff726e11977 17641->17642 17643 7ff726e119a6 17642->17643 17645 7ff726e11a63 17642->17645 17644 7ff726e10c28 12 API calls 17643->17644 17647 7ff726e119e3 17643->17647 17644->17647 17646 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17645->17646 17646->17647 17647->17569 17649 7ff726e146ef 17648->17649 17651 7ff726e146f3 __crtLCMapStringW 17649->17651 17812 7ff726e14748 17649->17812 17651->17569 17653 7ff726e12197 17652->17653 17654 7ff726e121c6 17653->17654 17656 7ff726e12283 17653->17656 17655 7ff726e10c28 12 API calls 17654->17655 17658 7ff726e12203 17654->17658 17655->17658 17657 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17656->17657 17657->17658 17658->17569 17660 7ff726e147d7 17659->17660 17816 7ff726e1d9b8 17660->17816 17667 7ff726e1ea39 17665->17667 17675 7ff726e1ea47 17665->17675 17666 7ff726e1ea67 17669 7ff726e1ea78 17666->17669 17670 7ff726e1ea9f 17666->17670 17667->17666 17668 7ff726e147c0 45 API calls 17667->17668 17667->17675 17668->17666 17824 7ff726e200a0 17669->17824 17672 7ff726e1eb2a 17670->17672 17673 7ff726e1eac9 17670->17673 17670->17675 17674 7ff726e1f8a0 _fread_nolock MultiByteToWideChar 17672->17674 17673->17675 17676 7ff726e1f8a0 _fread_nolock MultiByteToWideChar 17673->17676 17674->17675 17675->17573 17676->17675 17678 7ff726e10bb7 17677->17678 17684 7ff726e10ba6 17677->17684 17679 7ff726e1d5fc _fread_nolock 12 API calls 17678->17679 17678->17684 17680 7ff726e10be4 17679->17680 17681 7ff726e10bf8 17680->17681 17682 7ff726e1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17680->17682 17683 7ff726e1a948 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17681->17683 17682->17681 17683->17684 17685 7ff726e1e570 17684->17685 17686 7ff726e1e58d 17685->17686 17687 7ff726e1e5c0 17685->17687 17688 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17686->17688 17687->17686 17689 7ff726e1e5f2 17687->17689 17704 7ff726e142a1 17688->17704 17694 7ff726e1e705 17689->17694 17701 7ff726e1e63a 17689->17701 17690 7ff726e1e7f7 17731 7ff726e1da5c 17690->17731 17692 7ff726e1e7bd 17724 7ff726e1ddf4 17692->17724 17694->17690 17694->17692 17695 7ff726e1e78c 17694->17695 17696 7ff726e1e74f 17694->17696 17698 7ff726e1e745 17694->17698 17717 7ff726e1e0d4 17695->17717 17707 7ff726e1e304 17696->17707 17698->17692 17700 7ff726e1e74a 17698->17700 17700->17695 17700->17696 17702 7ff726e1a4a4 __std_exception_copy 37 API calls 17701->17702 17701->17704 17703 7ff726e1e6f2 17702->17703 17703->17704 17705 7ff726e1a900 _isindst 17 API calls 17703->17705 17704->17620 17704->17621 17706 7ff726e1e854 17705->17706 17740 7ff726e240ac 17707->17740 17711 7ff726e1e3ac 17712 7ff726e1e401 17711->17712 17714 7ff726e1e3cc 17711->17714 17716 7ff726e1e3b0 17711->17716 17793 7ff726e1def0 17712->17793 17714->17714 17789 7ff726e1e1ac 17714->17789 17716->17704 17718 7ff726e240ac 38 API calls 17717->17718 17719 7ff726e1e11e 17718->17719 17720 7ff726e23af4 37 API calls 17719->17720 17721 7ff726e1e16e 17720->17721 17722 7ff726e1e172 17721->17722 17723 7ff726e1e1ac 45 API calls 17721->17723 17722->17704 17723->17722 17725 7ff726e240ac 38 API calls 17724->17725 17726 7ff726e1de3f 17725->17726 17727 7ff726e23af4 37 API calls 17726->17727 17728 7ff726e1de97 17727->17728 17729 7ff726e1de9b 17728->17729 17730 7ff726e1def0 45 API calls 17728->17730 17729->17704 17730->17729 17732 7ff726e1daa1 17731->17732 17733 7ff726e1dad4 17731->17733 17734 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17732->17734 17735 7ff726e1daec 17733->17735 17737 7ff726e1db6d 17733->17737 17739 7ff726e1dacd 
__scrt_get_show_window_mode 17734->17739 17736 7ff726e1ddf4 46 API calls 17735->17736 17736->17739 17738 7ff726e147c0 45 API calls 17737->17738 17737->17739 17738->17739 17739->17704 17741 7ff726e240ff fegetenv 17740->17741 17742 7ff726e27e2c 37 API calls 17741->17742 17746 7ff726e24152 17742->17746 17743 7ff726e2417f 17748 7ff726e1a4a4 __std_exception_copy 37 API calls 17743->17748 17744 7ff726e24242 17745 7ff726e27e2c 37 API calls 17744->17745 17747 7ff726e2426c 17745->17747 17746->17744 17749 7ff726e2416d 17746->17749 17750 7ff726e2421c 17746->17750 17751 7ff726e27e2c 37 API calls 17747->17751 17752 7ff726e241fd 17748->17752 17749->17743 17749->17744 17755 7ff726e1a4a4 __std_exception_copy 37 API calls 17750->17755 17753 7ff726e2427d 17751->17753 17754 7ff726e25324 17752->17754 17759 7ff726e24205 17752->17759 17756 7ff726e28020 20 API calls 17753->17756 17757 7ff726e1a900 _isindst 17 API calls 17754->17757 17755->17752 17767 7ff726e242e6 __scrt_get_show_window_mode 17756->17767 17758 7ff726e25339 17757->17758 17760 7ff726e0c550 _log10_special 8 API calls 17759->17760 17761 7ff726e1e351 17760->17761 17785 7ff726e23af4 17761->17785 17762 7ff726e2468f __scrt_get_show_window_mode 17763 7ff726e249cf 17764 7ff726e23c10 37 API calls 17763->17764 17772 7ff726e250e7 17764->17772 17765 7ff726e2497b 17765->17763 17768 7ff726e2533c memcpy_s 37 API calls 17765->17768 17766 7ff726e24327 memcpy_s 17770 7ff726e24c6b memcpy_s __scrt_get_show_window_mode 17766->17770 17775 7ff726e24783 memcpy_s __scrt_get_show_window_mode 17766->17775 17767->17762 17767->17766 17769 7ff726e14f08 _get_daylight 11 API calls 17767->17769 17768->17763 17771 7ff726e24760 17769->17771 17770->17763 17770->17765 17780 7ff726e14f08 11 API calls _get_daylight 17770->17780 17783 7ff726e1a8e0 37 API calls _invalid_parameter_noinfo 17770->17783 17773 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 17771->17773 17774 7ff726e25142 17772->17774 17776 7ff726e2533c memcpy_s 37 API calls 17772->17776 
17773->17766 17777 7ff726e252c8 17774->17777 17782 7ff726e23c10 37 API calls 17774->17782 17784 7ff726e2533c memcpy_s 37 API calls 17774->17784 17775->17765 17778 7ff726e14f08 11 API calls _get_daylight 17775->17778 17781 7ff726e1a8e0 37 API calls _invalid_parameter_noinfo 17775->17781 17776->17774 17779 7ff726e27e2c 37 API calls 17777->17779 17778->17775 17779->17759 17780->17770 17781->17775 17782->17774 17783->17770 17784->17774 17786 7ff726e23b13 17785->17786 17787 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17786->17787 17788 7ff726e23b3e memcpy_s 17786->17788 17787->17788 17788->17711 17790 7ff726e1e1d8 memcpy_s 17789->17790 17791 7ff726e147c0 45 API calls 17790->17791 17792 7ff726e1e292 memcpy_s __scrt_get_show_window_mode 17790->17792 17791->17792 17792->17716 17794 7ff726e1df2b 17793->17794 17798 7ff726e1df78 memcpy_s 17793->17798 17795 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17794->17795 17796 7ff726e1df57 17795->17796 17796->17716 17797 7ff726e1dfe3 17799 7ff726e1a4a4 __std_exception_copy 37 API calls 17797->17799 17798->17797 17800 7ff726e147c0 45 API calls 17798->17800 17803 7ff726e1e025 memcpy_s 17799->17803 17800->17797 17801 7ff726e1a900 _isindst 17 API calls 17802 7ff726e1e0d0 17801->17802 17803->17801 17805 7ff726e10c5f 17804->17805 17811 7ff726e10c4e 17804->17811 17806 7ff726e1d5fc _fread_nolock 12 API calls 17805->17806 17805->17811 17807 7ff726e10c90 17806->17807 17808 7ff726e10ca4 17807->17808 17809 7ff726e1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17807->17809 17810 7ff726e1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17808->17810 17809->17808 17810->17811 17811->17640 17813 7ff726e1476e 17812->17813 17814 7ff726e14766 17812->17814 17813->17651 17815 7ff726e147c0 45 API calls 17814->17815 17815->17813 17817 7ff726e147ff 17816->17817 17818 7ff726e1d9d1 17816->17818 17820 7ff726e1da24 17817->17820 17818->17817 17819 7ff726e23304 45 API calls 17818->17819 17819->17817 17821 
7ff726e1da3d 17820->17821 17822 7ff726e1480f 17820->17822 17821->17822 17823 7ff726e22650 45 API calls 17821->17823 17822->17573 17823->17822 17827 7ff726e26d88 17824->17827 17830 7ff726e26dec 17827->17830 17828 7ff726e0c550 _log10_special 8 API calls 17829 7ff726e200bd 17828->17829 17829->17675 17830->17828 17832 7ff726e10ffd 17831->17832 17833 7ff726e1100f 17831->17833 17834 7ff726e14f08 _get_daylight 11 API calls 17832->17834 17835 7ff726e1101d 17833->17835 17840 7ff726e11059 17833->17840 17836 7ff726e11002 17834->17836 17837 7ff726e1a814 _invalid_parameter_noinfo 37 API calls 17835->17837 17838 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 17836->17838 17839 7ff726e1100d 17837->17839 17838->17839 17839->17538 17841 7ff726e113d5 17840->17841 17843 7ff726e14f08 _get_daylight 11 API calls 17840->17843 17841->17839 17842 7ff726e14f08 _get_daylight 11 API calls 17841->17842 17844 7ff726e11669 17842->17844 17845 7ff726e113ca 17843->17845 17846 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 17844->17846 17847 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 17845->17847 17846->17839 17847->17841 17849 7ff726e10704 17848->17849 17876 7ff726e10464 17849->17876 17851 7ff726e1071d 17851->17191 17888 7ff726e103bc 17852->17888 17856 7ff726e0c850 17855->17856 17857 7ff726e02930 GetCurrentProcessId 17856->17857 17858 7ff726e01c80 49 API calls 17857->17858 17859 7ff726e02979 17858->17859 17902 7ff726e14984 17859->17902 17864 7ff726e01c80 49 API calls 17865 7ff726e029ff 17864->17865 17932 7ff726e02620 17865->17932 17868 7ff726e0c550 _log10_special 8 API calls 17869 7ff726e02a31 17868->17869 17869->17230 17871 7ff726e10119 17870->17871 17873 7ff726e01b89 17870->17873 17872 7ff726e14f08 _get_daylight 11 API calls 17871->17872 17874 7ff726e1011e 17872->17874 17873->17229 17873->17230 17875 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 17874->17875 17875->17873 17877 7ff726e104ce 17876->17877 17878 7ff726e1048e 17876->17878 17877->17878 17880 7ff726e104da 

Control-flow Graph (legend: Executed, Not Executed)
Memory Dump Source
• Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
• Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction ID: 56140732dd04518c015a7d1226bcb9f96f425fcabec3390561e6e55cf2cd54cf
• Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction Fuzzy Hash: 5AD16031E08A8286EB10AF74EC542ABB766FF84B58F80023BDA5D53A94DF3CD545CB10

Control-flow Graph (legend: Executed, Not Executed)
289->293 294 7ff726e03ea7-7ff726e03eb1 call 7ff726e071b0 289->294 292 7ff726e03ed3-7ff726e03ee8 call 7ff726e02a50 call 7ff726e06fc0 call 7ff726e06d70 290->292 292->237 293->294 305 7ff726e03e9e-7ff726e03ea5 293->305 306 7ff726e03eb3-7ff726e03eba 294->306 307 7ff726e03ebc-7ff726e03eca call 7ff726e074f0 294->307 305->292 306->292 307->237 317 7ff726e03ecc 307->317 310 7ff726e03fa1-7ff726e03fb7 call 7ff726e08ed0 call 7ff726e088e0 308->310 311 7ff726e03fed-7ff726e03ffb call 7ff726e01900 308->311 310->311 323 7ff726e03fb9-7ff726e03fce 310->323 311->222 317->292 324 7ff726e03fd0-7ff726e03fe3 call 7ff726e02710 call 7ff726e01900 323->324 325 7ff726e03fe8 call 7ff726e02a50 323->325 324->222 325->311
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastModuleName
                                                                                  • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                  • API String ID: 2776309574-4232158417
                                                                                  • Opcode ID: a80fa7731cb86c6de5e52eb200f65b77ed6edd5c521eca37bca620820f6c168b
                                                                                  • Instruction ID: 36ace8a8618e099710f8a54f217c590f9a5a4fc13b9795f6e23a2ec0b953fd28
                                                                                  • Opcode Fuzzy Hash: a80fa7731cb86c6de5e52eb200f65b77ed6edd5c521eca37bca620820f6c168b
                                                                                  • Instruction Fuzzy Hash: 49326961E0CA8391FA19BB219C543BBA2A2FF54784FC44037DA5D572C6EF2CE559CB20

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                  • String ID:
                                                                                  • API String ID: 1617910340-0
                                                                                  • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                  • Instruction ID: d94d13ed960abd6dd14c3491b78fb4c6b468c923bbfe3c44ff672fe62494b810
                                                                                  • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                  • Instruction Fuzzy Hash: F8C1E272F24A4186EB10EF64CC806AE7762FB49B98B91533ADE1E57394CF38D451CB10

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • FindFirstFileW.KERNELBASE(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E0842B
                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E084AE
                                                                                  • DeleteFileW.KERNELBASE(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E084CD
                                                                                  • FindNextFileW.KERNELBASE(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E084DB
                                                                                  • FindClose.KERNEL32(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E084EC
                                                                                  • RemoveDirectoryW.KERNELBASE(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E084F5
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                  • String ID: %s\*
                                                                                  • API String ID: 1057558799-766152087
                                                                                  • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                  • Instruction ID: 7c2a83fcedb87547829ed67f4f862d7e894d9407eb727fc0614df0344199e5b4
                                                                                  • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                  • Instruction Fuzzy Hash: CE416221E0CA4295EE20BB64EC541BBA365FB94754FC00237E6AD526D4EF3CE54ACF60
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: Find$CloseFileFirst
                                                                                  • String ID:
                                                                                  • API String ID: 2295610775-0
                                                                                  • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                  • Instruction ID: b0b17fe3371bf06a47cbcc4231106e2ff3b1792dabb739556ce8c2a2ca4a1df2
                                                                                  • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                  • Instruction Fuzzy Hash: 27F0A422E1874286F760AF60BC98767B350FB94728F841236D96D126D4DF3CD0588E00
                                                                                  Similarity
                                                                                  • API ID: CurrentFeaturePresentProcessProcessor
                                                                                  • String ID:
                                                                                  • API String ID: 1010374628-0
                                                                                  • Opcode ID: 2068119877664191475029464a100297a906049d817fca43118a3528d97b0ad3
                                                                                  • Instruction ID: b8968aa2d182341e64b3c74693d59f730c2eb6f65b280cdb9abab754dc8b16ff
                                                                                  • Opcode Fuzzy Hash: 2068119877664191475029464a100297a906049d817fca43118a3528d97b0ad3
                                                                                  • Instruction Fuzzy Hash: B402E361E1D68242FA65BB259C1027BE683FF41BA0FD5463BDE5D063D9DE3DA8408B30

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 00007FF726E07F90: _fread_nolock.LIBCMT ref: 00007FF726E0803A
                                                                                  • _fread_nolock.LIBCMT ref: 00007FF726E01A1B
                                                                                    • Part of subcall function 00007FF726E02910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF726E01B6A), ref: 00007FF726E0295E
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: _fread_nolock$CurrentProcess
                                                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                  • API String ID: 2397952137-3497178890
                                                                                  • Opcode ID: 358a0fc5abdec1ccfacfd9a46411b20eae68398abff90d0c05f3713689534eb0
                                                                                  • Instruction ID: a2ee23256ed109afe47e5df1fe58f8861e3c0d0d1fae9f5d6ed8b0facd1eded0
                                                                                  • Opcode Fuzzy Hash: 358a0fc5abdec1ccfacfd9a46411b20eae68398abff90d0c05f3713689534eb0
                                                                                  • Instruction Fuzzy Hash: EA817F71E0868686EB24FB649C813FAA3A1FF48744F844437E98D5B785DE3CE5858F60

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                  • API String ID: 2050909247-1550345328
                                                                                  • Opcode ID: de7b126b417864d38bfc5876f1bf03f00ebafffb81aeb3490478ed1b4cbdd5c5
                                                                                  • Instruction ID: e0e7d7f3c9a0ff60e1e6fa5b182ad113f6e29bbb7afe2575e775cd196d89ce12
                                                                                  • Opcode Fuzzy Hash: de7b126b417864d38bfc5876f1bf03f00ebafffb81aeb3490478ed1b4cbdd5c5
                                                                                  • Instruction Fuzzy Hash: 5551AE61E0864782EA14BBA1AC402FBA392FF44798FC44537EE0C1B7D6DE3CE5559B20

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetTempPathW.KERNEL32(?,?,00000000,00007FF726E03CBB), ref: 00007FF726E08704
                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00007FF726E03CBB), ref: 00007FF726E0870A
                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00007FF726E03CBB), ref: 00007FF726E0874C
                                                                                    • Part of subcall function 00007FF726E08830: GetEnvironmentVariableW.KERNEL32(00007FF726E0388E), ref: 00007FF726E08867
                                                                                    • Part of subcall function 00007FF726E08830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF726E08889
                                                                                    • Part of subcall function 00007FF726E18238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E18251
                                                                                    • Part of subcall function 00007FF726E02810: MessageBoxW.USER32 ref: 00007FF726E028EA
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                  • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                  • API String ID: 3563477958-1339014028
                                                                                  • Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                  • Instruction ID: 7db25616f6551734e944dd4f7b3162c9e402bbbd185c74a5e9aa2a4c288f3d60
                                                                                  • Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                  • Instruction Fuzzy Hash: FB419E51E1964285EA14BB61AC552BB9292FF88780FD42133EE1D677DADE3CE805CE20

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                  • API String ID: 2050909247-2813020118
                                                                                  • Opcode ID: 8f2f3123d1cabff2ad8e3db6a95d4b235f7cad2490955ba460222a7cf36d71df
                                                                                  • Instruction ID: 1b19fcf196fc501c288b0508cf55877df0a2a6a6a2fb9ac346450e5444591c51
                                                                                  • Opcode Fuzzy Hash: 8f2f3123d1cabff2ad8e3db6a95d4b235f7cad2490955ba460222a7cf36d71df
                                                                                  • Instruction Fuzzy Hash: 7751B362E0864285E620BB51AC403BBA291FF85798FD44136ED4D5B7D5EE3CE946CB20

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF726E1F0AA,?,?,-00000018,00007FF726E1AD53,?,?,?,00007FF726E1AC4A,?,?,?,00007FF726E15F3E), ref: 00007FF726E1EE8C
                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF726E1F0AA,?,?,-00000018,00007FF726E1AD53,?,?,?,00007FF726E1AC4A,?,?,?,00007FF726E15F3E), ref: 00007FF726E1EE98
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: AddressFreeLibraryProc
                                                                                  • String ID: api-ms-$ext-ms-
                                                                                  • API String ID: 3013587201-537541572
                                                                                  • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                  • Instruction ID: 4a060e5bcca6f9fdda834813f8d5d10fdc2ffbd7d29c37137e74d26c94755a70
                                                                                  • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                  • Instruction Fuzzy Hash: 4F4115A1F19A0281EA16FB169C00677A392FF48B90FC8557BED1D47384EF7CE9059B60

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF726E03804), ref: 00007FF726E036E1
                                                                                  • GetLastError.KERNEL32(?,00007FF726E03804), ref: 00007FF726E036EB
                                                                                    • Part of subcall function 00007FF726E02C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF726E03706,?,00007FF726E03804), ref: 00007FF726E02C9E
                                                                                    • Part of subcall function 00007FF726E02C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF726E03706,?,00007FF726E03804), ref: 00007FF726E02D63
                                                                                    • Part of subcall function 00007FF726E02C50: MessageBoxW.USER32 ref: 00007FF726E02D99
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                  • API String ID: 3187769757-2863816727
                                                                                  • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                  • Instruction ID: 68164ce241a62c7ca7796b2a94a15c0a95d6055516e2f467f8967299e3831548
                                                                                  • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                  • Instruction Fuzzy Hash: DD216B61F1C64281FA60BB20EC543BBA252FF98744FC40137E65D925D5EE2CE505CB60

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                  • Instruction ID: 9629393d9c752dff4b18062bf588b1fdab8b2a3d0e220d4b640f5af247e551d7
                                                                                  • Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                  • Instruction Fuzzy Hash: 94C1E7A2D0C68681E661AB199C402BFB751FF81B80FD561F6EA4D07791CE7CEC459F20

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                  • String ID:
                                                                                  • API String ID: 995526605-0
                                                                                  • Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                  • Instruction ID: 72cc69480d690b7562e905daede26b7805fda0ea0966b55e3a2267f312e1132f
                                                                                  • Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                  • Instruction Fuzzy Hash: A7217E31E1C64282EA10BB65BD4062BE3A2FF957A4F900236EA7D53BE4DE7CD4458F10

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 00007FF726E08570: GetCurrentProcess.KERNEL32 ref: 00007FF726E08590
                                                                                    • Part of subcall function 00007FF726E08570: OpenProcessToken.ADVAPI32 ref: 00007FF726E085A3
                                                                                    • Part of subcall function 00007FF726E08570: GetTokenInformation.KERNELBASE ref: 00007FF726E085C8
                                                                                    • Part of subcall function 00007FF726E08570: GetLastError.KERNEL32 ref: 00007FF726E085D2
                                                                                    • Part of subcall function 00007FF726E08570: GetTokenInformation.KERNELBASE ref: 00007FF726E08612
                                                                                    • Part of subcall function 00007FF726E08570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF726E0862E
                                                                                    • Part of subcall function 00007FF726E08570: CloseHandle.KERNEL32 ref: 00007FF726E08646
                                                                                  • LocalFree.KERNEL32(?,00007FF726E03C55), ref: 00007FF726E0916C
                                                                                  • LocalFree.KERNEL32(?,00007FF726E03C55), ref: 00007FF726E09175
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                  • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                  • API String ID: 6828938-1529539262
                                                                                  • Opcode ID: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                  • Instruction ID: 537604919cf42d717cdd89e9b6987e67409268ac04255ebd7460d1a098b1eef4
                                                                                  • Opcode Fuzzy Hash: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                  • Instruction Fuzzy Hash: 1F211E21E0864282E610BB10ED153FBA2A5FF98780FD55037EA4D637D6DF3CD9458B60

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF726E1CF4B), ref: 00007FF726E1D07C
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF726E1CF4B), ref: 00007FF726E1D107
                                                                                  Similarity
                                                                                  • API ID: ConsoleErrorLastMode
                                                                                  • String ID:
                                                                                  • API String ID: 953036326-0
                                                                                  • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                  • Instruction ID: 7296433d05337163b4ffe008764e0b78e6b9c5d30b7219a072e78d4fdba28294
                                                                                  • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                  • Instruction Fuzzy Hash: 1091E5A2F0865185F750AF259C402BEA7A1FB44B88F9451BBDE0E536C4DF3CD846EB20
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 1279662727-0
                                                                                  • Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                  • Instruction ID: bbafdf9971a38efc557424901c729331536942c42ac85d81a4254db1f80aa50b
                                                                                  • Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                  • Instruction Fuzzy Hash: 8241BAA2D2878183E710AB20DD1037AB360FF95364F50A376E65C03AD5DF7CA5E09B50
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                  • String ID:
                                                                                  • API String ID: 3251591375-0
                                                                                  • Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                  • Instruction ID: 40ac276e2242cd3a1c96f64dc7cb1396792fc61815f6820ccc917f2121b47100
                                                                                  • Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                  • Instruction Fuzzy Hash: CC313A20E4814285EA14BB649C513BB9282FF51B48FC4507BD94D6B2D7DE3DA809CE61
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 1703294689-0
                                                                                  • Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
                                                                                  • Instruction ID: 9288879c25e6fff5d7788ccad788270fad683567a9f1fafd8810ff04d83cea21
                                                                                  • Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
                                                                                  • Instruction Fuzzy Hash: FCD06750F0870A43FA143B705C5907AA257BF58B05B9424BED81A06393DD2CA88D5B20
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                  • Instruction ID: 43dc5f1c2ee7a8dd2b4377e91cb5f36b5e91e82b87ba34fbf385362a6ba6be7d
                                                                                  • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                  • Instruction Fuzzy Hash: 5051FBA1F092C186E724BA259C0467BE281FF44BA8F9467F6DD6D137C5CE3CD841AA20
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastPointer
                                                                                  • String ID:
                                                                                  • API String ID: 2976181284-0
                                                                                  • Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                  • Instruction ID: a8287df2d603bd193b38dbef249b7e969af258d66cc62add1925aa6a96ad73df
                                                                                  • Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                  • Instruction Fuzzy Hash: 5A1104A1F08A8181DA20AB25AC0416AE362FB41FF4F945372EE7D4B7D9CE7CD4049B00
                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A95E
                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A968
                                                                                  Similarity
                                                                                  • API ID: ErrorFreeHeapLast
                                                                                  • String ID:
                                                                                  • API String ID: 485612231-0
                                                                                  • Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                  • Instruction ID: bc5d999a5957f1059140cfedb9fab088dc8bbf688740055cb008320e49f10fe0
                                                                                  • Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                  • Instruction Fuzzy Hash: EBE04F90E1920283FE057BF26C5513A9252FF88700FC410B6C81D463A1EE2C6C819E30
                                                                                  APIs
                                                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF726E1A9D5,?,?,00000000,00007FF726E1AA8A), ref: 00007FF726E1ABC6
                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF726E1A9D5,?,?,00000000,00007FF726E1AA8A), ref: 00007FF726E1ABD0
                                                                                  Similarity
                                                                                  • API ID: CloseErrorHandleLast
                                                                                  • String ID:
                                                                                  • API String ID: 918212764-0
                                                                                  • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                  • Instruction ID: 0de3076f10f8449e1da08b48392eade2e7a5f6d7a298c9e86728ba3db2c1277c
                                                                                  • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                  • Instruction Fuzzy Hash: 6721F990F1868641FA5077A59C8037B9282FF84794F8452FBD92E477C5CE6CAC406B30
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                  • Instruction ID: d1d1d4f373dea06efb5762c0034cf853843f92d445d892fa52d36b639060e515
                                                                                  • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                  • Instruction Fuzzy Hash: CF41C672D1824587EA34AB1DAD4027AF3A1FB59740F9021B2D69E436D1CF2CE902EF70
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _fread_nolock
                                                                                  • String ID:
                                                                                  • API String ID: 840049012-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                  • String ID:
                                                                                  • API String ID: 3947729631-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  APIs
                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF726E1B32A,?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A), ref: 00007FF726E1EBED
                                                                                  Similarity
                                                                                  • API ID: AllocHeap
                                                                                  • String ID:
                                                                                  • API String ID: 4292702814-0
                                                                                  APIs
                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF726E10C90,?,?,?,00007FF726E122FA,?,?,?,?,?,00007FF726E13AE9), ref: 00007FF726E1D63A
                                                                                  Similarity
                                                                                  • API ID: AllocHeap
                                                                                  • String ID:
                                                                                  • API String ID: 4292702814-0
                                                                                  APIs
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E05840
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E05852
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E05889
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0589B
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E058B4
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E058C6
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E058DF
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E058F1
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0590D
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0591F
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0593B
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0594D
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E05969
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0597B
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E05997
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E059A9
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E059C5
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E059D7
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: AddressErrorLastProc
                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                  • API String ID: 199729137-653951865
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                  • API String ID: 808467561-2761157908
                                                                                  • Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                  • Instruction ID: 61edb58aa0ad11ea9573546581c41ab39810d2b6afac48cf81c155d460537824
                                                                                  • Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                  • Instruction Fuzzy Hash: 2FB2C372E182928BE7259F64DD407FEB7A3FF54788F90513ADA0957A84DB38A900CF50
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                  • API String ID: 0-2665694366
                                                                                  • Opcode ID: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                  • Instruction ID: 00d5cec342c592b177166dc7d866862e768366845c9081edd782ec559ef98e71
                                                                                  • Opcode Fuzzy Hash: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                  • Instruction Fuzzy Hash: 45520672E146AA87D7A4AF14DC58B7E7BA9FB44340F81413AE64A97780EB3DD840CF50
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 3140674995-0
                                                                                  • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                  • Instruction ID: 024c16aa29db83ae4a435e589d347779f7b6ce9c82302ae4bfb050d13a7deeea
                                                                                  • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                  • Instruction Fuzzy Hash: 8F313372A08B8186EB60AF60EC403EE7365FB84748F44403ADA4D57B94DF3CD548CB10
                                                                                  APIs
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25C45
                                                                                    • Part of subcall function 00007FF726E25598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E255AC
                                                                                    • Part of subcall function 00007FF726E1A948: RtlFreeHeap.NTDLL(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A95E
                                                                                    • Part of subcall function 00007FF726E1A948: GetLastError.KERNEL32(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A968
                                                                                    • Part of subcall function 00007FF726E1A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF726E1A8DF,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1A909
                                                                                    • Part of subcall function 00007FF726E1A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF726E1A8DF,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1A92E
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25C34
                                                                                    • Part of subcall function 00007FF726E255F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E2560C
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25EAA
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25EBB
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25ECC
                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF726E2610C), ref: 00007FF726E25EF3
                                                                                  Similarity
                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                  • String ID:
                                                                                  • API String ID: 4070488512-0
                                                                                  • Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                  • Instruction ID: db1fdf04776b7cf8e62869831e78f936c4cd88ee793f5bb2ae235ed3ea746b99
                                                                                  • Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                  • Instruction Fuzzy Hash: 32D18F66E0824247E720BF269D611BBA753FF84B94FD4813BEA0D47695DF3CE8418B60
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 1239891234-0
                                                                                  • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                  • Instruction ID: 8cd796e94a00b6fa3d76cca0f60ea5efe00bab367ad530e1776e3b9dd1e7f95c
                                                                                  • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                  • Instruction Fuzzy Hash: 53317176A18B8186DB20DB24EC402AFB3A5FB84758F90013AEA8D43B94DF3CD555CB10
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 2227656907-0
                                                                                  • Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                  • Instruction ID: 73501ae90ff64b4766b728bc5228e449208e5d97ffbd783de4dacb60bfee0198
                                                                                  • Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                  • Instruction Fuzzy Hash: 7EB1D762F1868242EA61AB259D101FBE363FB44BE4F84513BDB5D07B89DE3CE545CB20
                                                                                  APIs
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25EAA
                                                                                    • Part of subcall function 00007FF726E255F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E2560C
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25EBB
                                                                                    • Part of subcall function 00007FF726E25598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E255AC
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25ECC
                                                                                    • Part of subcall function 00007FF726E255C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E255DC
                                                                                    • Part of subcall function 00007FF726E1A948: RtlFreeHeap.NTDLL(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A95E
                                                                                    • Part of subcall function 00007FF726E1A948: GetLastError.KERNEL32(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A968
                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF726E2610C), ref: 00007FF726E25EF3
                                                                                  Similarity
                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                  • String ID:
                                                                                  • API String ID: 3458911817-0
                                                                                  • Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                  • Instruction ID: 127faa7a849b335067fdcb9de3c5fe7c922eb9e32f11b2bea252dc1d52c9a47f
                                                                                  • Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                  • Instruction Fuzzy Hash: 92513922E0864287E720FF36AD915BBA762FB48784F94413BEA4D47695DF3CE4418F60
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                  • String ID:
                                                                                  • API String ID: 2933794660-0
                                                                                  • Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                  • Instruction ID: 87ca064fa7e925a2fcdd04d8bab378bd088df1403049b9f14041a04e4a7c7868
                                                                                  • Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                  • Instruction Fuzzy Hash: 64111F22B14B058AEB00AB70EC542BA73A4F759758F440E36DA5D467A4EF78D1548B50
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: memcpy_s
                                                                                  • String ID:
                                                                                  • API String ID: 1502251526-0
                                                                                  • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                  • Instruction ID: 612efb55fd4af033cad683063af1c7a9329e5b3f1858ff54737ef9cdfd3d2e5b
                                                                                  • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                  • Instruction Fuzzy Hash: 82C1D372B1868687E724DF15E844A6AF793FB94B84F84813ADB4A43744DB3DE845CF40
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $header crc mismatch$unknown header flags set
                                                                                  • API String ID: 0-1127688429
                                                                                  • Opcode ID: e32b299fc273864699ec3bddfbf8fc958dab4a7742ffdf8f0166f3b43fcc42d1
                                                                                  • Instruction ID: 7f1f280f7ae11719a3d060b4b328058a77e54dbaee4a9017e037f24516bce624
                                                                                  • Opcode Fuzzy Hash: e32b299fc273864699ec3bddfbf8fc958dab4a7742ffdf8f0166f3b43fcc42d1
                                                                                  • Instruction Fuzzy Hash: 97F19272E182C94BE7A5BF18CC88A3BBAA9FF44740F45413ADA4967391DB38D441CF60
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                  • String ID:
                                                                                  • API String ID: 15204871-0
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $
                                                                                  • API String ID: 0-227171996
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: incorrect header check$invalid window size
                                                                                  • API String ID: 0-900081337
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: e+000$gfff
                                                                                  • API String ID: 0-3030954782
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: gfffffff
                                                                                  • API String ID: 0-1523873471
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID: TMP
                                                                                  • API String ID: 3215553584-3125297090
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: HeapProcess
                                                                                  • String ID:
                                                                                  • API String ID: 54951025-0
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ErrorFreeHeapLast
                                                                                  • String ID:
                                                                                  • API String ID: 485612231-0
                                                                                  Similarity
                                                                                  • API ID: AddressErrorLastProc
                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                  • API String ID: 199729137-3427451314
                                                                                  APIs
                                                                                    • Part of subcall function 00007FF726E09390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF726E045F4,00000000,00007FF726E01985), ref: 00007FF726E093C9
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,00007FF726E086B7,?,?,00000000,00007FF726E03CBB), ref: 00007FF726E0822C
                                                                                    • Part of subcall function 00007FF726E02810: MessageBoxW.USER32 ref: 00007FF726E028EA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                  • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                  • String ID: P%
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                  • String ID: Needs to remove its temporary files.
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID: -$:$f$p$p
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID: f$f$p$p$f
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                  • String ID: csm$csm$csm
                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF726E03706,?,00007FF726E03804), ref: 00007FF726E02C9E
                                                                                  • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF726E03706,?,00007FF726E03804), ref: 00007FF726E02D63
                                                                                  • MessageBoxW.USER32 ref: 00007FF726E02D99
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Message$CurrentFormatProcess
                                                                                  • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                  APIs
                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF726E0DF7A,?,?,?,00007FF726E0DC6C,?,?,?,00007FF726E0D869), ref: 00007FF726E0DD4D
                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF726E0DF7A,?,?,?,00007FF726E0DC6C,?,?,?,00007FF726E0D869), ref: 00007FF726E0DD5B
                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF726E0DF7A,?,?,?,00007FF726E0DC6C,?,?,?,00007FF726E0D869), ref: 00007FF726E0DD85
                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF726E0DF7A,?,?,?,00007FF726E0DC6C,?,?,?,00007FF726E0D869), ref: 00007FF726E0DDF3
                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF726E0DF7A,?,?,?,00007FF726E0DC6C,?,?,?,00007FF726E0D869), ref: 00007FF726E0DDFF
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                  • String ID: api-ms-
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                  • API String ID: 2050909247-2434346643
                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF726E0351A,?,00000000,00007FF726E03F1B), ref: 00007FF726E02AA0
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                  • API String ID: 2050909247-2900015858
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: Value$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 2506987500-0
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                  • String ID: CONOUT$
                                                                                  • API String ID: 3230265001-3130406586
                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E08EFD
                                                                                  • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E08F5A
                                                                                    • Part of subcall function 00007FF726E09390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF726E045F4,00000000,00007FF726E01985), ref: 00007FF726E093C9
                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E08FE5
                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E09044
                                                                                  • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E09055
                                                                                  • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E0906A
                                                                                  Similarity
                                                                                  • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                  • String ID:
                                                                                  • API String ID: 3462794448-0
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B2D7
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B30D
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B33A
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B34B
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B35C
                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B377
                                                                                  Similarity
                                                                                  • API ID: Value$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 2506987500-0
                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF726E01B6A), ref: 00007FF726E0295E
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                  • API String ID: 2050909247-2962405886
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                  • String ID: Unhandled exception in script
                                                                                  • API String ID: 3081866767-2699770090
                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF726E0918F,?,00007FF726E03C55), ref: 00007FF726E02BA0
                                                                                  • MessageBoxW.USER32 ref: 00007FF726E02C2A
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentMessageProcess
                                                                                  • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                  • API String ID: 1672936522-3797743490
                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF726E01B99), ref: 00007FF726E02760
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                  • API String ID: 2050909247-1591803126
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                  • API String ID: 4061214504-1276376045
                                                                                  • Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                  • Instruction ID: 31d05e96127251418cd8dea8d12e0f4e24eea3c210aceed51aca97cecb502e66
                                                                                  • Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                  • Instruction Fuzzy Hash: 89F0C261F0870682EA10AB30EC8437BA321FF45764F94127AC66E461E4DF3CE488DB20
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _set_statfp
                                                                                  • String ID:
                                                                                  • API String ID: 1156100317-0
                                                                                  • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                  • Instruction ID: c33add04543c93d454d3b4c1624cd61874398448a71977ecf9922b665b7d5e89
                                                                                  • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                  • Instruction Fuzzy Hash: 81118662D5CA0303F7543167EC9937B9053FF79360E84263EEA6E162D6CE6C68414920
                                                                                  APIs
                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF726E1A5A3,?,?,00000000,00007FF726E1A83E,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1B3AF
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E1A5A3,?,?,00000000,00007FF726E1A83E,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1B3CE
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E1A5A3,?,?,00000000,00007FF726E1A83E,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1B3F6
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E1A5A3,?,?,00000000,00007FF726E1A83E,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1B407
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E1A5A3,?,?,00000000,00007FF726E1A83E,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1B418
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value
                                                                                  • String ID:
                                                                                  • API String ID: 3702945584-0
                                                                                  • Opcode ID: ea2b5ddf3fb203e388cd8d135169dcae9bda325c41d7f30a81ad07aa88f8e3f8
                                                                                  • Instruction ID: 47899c634d090e2fc5aa2080a33d5298befa8eee318428e937ff0f5bcdf8f8b6
                                                                                  • Opcode Fuzzy Hash: ea2b5ddf3fb203e388cd8d135169dcae9bda325c41d7f30a81ad07aa88f8e3f8
                                                                                  • Instruction Fuzzy Hash: 901172A0E0864241F954B3296D5117BD181FF447B0FC8A3F7E83D466D6ED2CEC52AA21
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value
                                                                                  • String ID:
                                                                                  • API String ID: 3702945584-0
                                                                                  • Opcode ID: 61aa1ca27ee4b4cce3ff72c238a9d5187e9f974916594ca965d9c11c8b169c6c
                                                                                  • Instruction ID: a6ac6d68f5fdaff97d1382a9e3f39cf1df7ee89fd9b4019f5cf38fd7a5dc643c
                                                                                  • Opcode Fuzzy Hash: 61aa1ca27ee4b4cce3ff72c238a9d5187e9f974916594ca965d9c11c8b169c6c
                                                                                  • Instruction Fuzzy Hash: 3311F5A0E0820681F96873695D5117B9182EF46730FC867F6E93E4A6D2ED2CBC44BA71
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID: verbose
                                                                                  • API String ID: 3215553584-579935070
                                                                                  • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                  • Instruction ID: c9ccd55b595e5f86eae9b4b339bb1e5d93560c99b0b78a64fed98df783bb0319
                                                                                  • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                  • Instruction Fuzzy Hash: F091B0E2E0864681E721AA24DC5037EB791FB40B54FE451B7DA5D473D6DE3CEC05AB20
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                  • API String ID: 3215553584-1196891531
                                                                                  • Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                  • Instruction ID: 96a4fe6874fa09b9846a36db79f293d94639bd252a644b3f23a6c4828d04915d
                                                                                  • Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                  • Instruction Fuzzy Hash: 3681A1B2D0864385E7647E258D0037AA6E0FB51B44FD560F7CA0A87285CB2DED41BFA3
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                  • String ID: csm
                                                                                  • API String ID: 2395640692-1018135373
                                                                                  • Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                  • Instruction ID: 2c797e367ecf31b387510b7d15a47bd578b72a6400599c282ff8190c019461a4
                                                                                  • Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                  • Instruction Fuzzy Hash: A751B032E196028ADB14BB15EC44A7EB391FB44B98F948136EA4D577C8DF7EE841CB10
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallEncodePointerTranslator
                                                                                  • String ID: MOC$RCC
                                                                                  • API String ID: 3544855599-2084237596
                                                                                  • Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                  • Instruction ID: 2c6cd0a00de8746617920acd04047823eb7e548f9976eafec7c19e35b6673dd8
                                                                                  • Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                  • Instruction Fuzzy Hash: 29617F72D08B8585DB60AB15EC403AAB7A0FB85794F444236EB9C13B9ADF7CD194CB10
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                  • String ID: csm$csm
                                                                                  • API String ID: 3896166516-3733052814
                                                                                  • Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                  • Instruction ID: 3e24dfd7810ec51d99b39d67a2a8db589b939954f0c27c7bd7d3803ed691a54f
                                                                                  • Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                  • Instruction Fuzzy Hash: F7519D32E0838286EB74BA219D4426AB7A0FB54B94F944137DE4C63B85CF3CE461CB12
                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNEL32(00000000,?,00007FF726E0352C,?,00000000,00007FF726E03F1B), ref: 00007FF726E07F32
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateDirectory
                                                                                  • String ID: %.*s$%s%c$\
                                                                                  • API String ID: 4241100979-1685191245
                                                                                  • Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                  • Instruction ID: ade9d731081c1ab58fe5eee759b9f5241d154fe7417828bc4d0fd9b7463e5d7d
                                                                                  • Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                  • Instruction Fuzzy Hash: 0531C721E19AC185EA21BB20EC513EBA255FB84BE0F800232EA6D577C9DE3CD6458F10
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1683161715.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683225315.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683252104.00007FF726E42000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1683292490.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: Message
                                                                                  • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                  • API String ID: 2030045667-255084403
                                                                                  • Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                  • Instruction ID: aa3fe2637024f8e72ce92a0e08cecb57ffee9fb5f89551cb0038cef75a19aae0
                                                                                  • Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                  • Instruction Fuzzy Hash: A821A372B18B4182E710AB64FC447EBA3A5FB88784F800136EA8D57755DE3CE655CB50
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                  • String ID:
                                                                                  • API String ID: 2718003287-0
                                                                                  • Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                  • Instruction ID: 20309db69ae8213046661cca97ca330f702100162197c1b3f063370d11bfa13a
                                                                                  • Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                  • Instruction Fuzzy Hash: 9CD115B2F18A818AE710DF65CC402AD77B1FB54B98B8051B6DE4E97B89DE3CD406DB10
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: _get_daylight$_isindst
                                                                                  • String ID:
                                                                                  • API String ID: 4170891091-0
                                                                                  • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                  • Instruction ID: e813c19e4d954cca172086d8bbb3441e1170c930b944bc696b46ab9308e5ca31
                                                                                  • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                  • Instruction Fuzzy Hash: 5A514BB2F0411186FB14EF649D656BEA7A1FF04368F9012B6DD1D52AD8DF3CA802CB50
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                  • String ID:
                                                                                  • API String ID: 2780335769-0
                                                                                  • Opcode ID: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                  • Instruction ID: 8a1cc8fb389ee65cf0d3232cda94a3b744c57ca60c48f80d931569e707d537c0
                                                                                  • Opcode Fuzzy Hash: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                  • Instruction Fuzzy Hash: A5519EA2E186418AFB10EF71DC503BEB7A1FB48B58F946476DE0D57688DF38D8409B20
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: LongWindow$DialogInvalidateRect
                                                                                  • String ID:
                                                                                  • API String ID: 1956198572-0
                                                                                  • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                  • Instruction ID: f884b9b365a2ce43f31d3d38a59263a405a4c174eaae18b6fb26808562cdf8c2
                                                                                  • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                  • Instruction Fuzzy Hash: 1011A931F1C14246F654B769EDC42BB92D3FF88784FC48036DB4917B99DD2DE4958A10
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                  • String ID: ?
                                                                                  • API String ID: 1286766494-1684325040
                                                                                  • Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                  • Instruction ID: aea14c26675ba7772e2b8073da9a0119a1c8d394b14f9550fc961c2e50a3d157
                                                                                  • Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                  • Instruction Fuzzy Hash: B241EA12E1828247F764A7259E5137BE753FB80BA4F94423AEE5D06AD9DF3CD4418F10
                                                                                  APIs
                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E19046
                                                                                    • Part of subcall function 00007FF726E1A948: RtlFreeHeap.NTDLL(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A95E
                                                                                    • Part of subcall function 00007FF726E1A948: GetLastError.KERNEL32(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A968
                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF726E0CBA5), ref: 00007FF726E19064
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                  • String ID: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                  • API String ID: 3580290477-1549054123
                                                                                  • Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                  • Instruction ID: 5052dc7bc0c7c56dbf6e33484a20e856bc0cc74183edba6ecc3eef2280bc4084
                                                                                  • Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                  • Instruction Fuzzy Hash: 8041B172E0864286EB15BF25DC800BEA395FF447D0B9560B7E94D07B85DE3CE881DB20
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastWrite
                                                                                  • String ID: U
                                                                                  • API String ID: 442123175-4171548499
                                                                                  • Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                  • Instruction ID: 893b192a82f77d89c8a0ac5bf0d7aa14b521019cb984963dc22695daa2caa1bb
                                                                                  • Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                  • Instruction Fuzzy Hash: 8241B672B18A41C6D720AF25EC443AAA761FB88B84F845136EE4D87794EF3CD841DF50
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: CurrentDirectory
                                                                                  • String ID: :
                                                                                  • API String ID: 1611563598-336475711
                                                                                  • Opcode ID: 3bdae23a32b24af1ddf8cbe843d64a75e174011d2d3780317ee270086031a135
                                                                                  • Instruction ID: c302ab16268f866a6fc66bb29e10f7e6025e1145568718d984c5811264838c54
                                                                                  • Opcode Fuzzy Hash: 3bdae23a32b24af1ddf8cbe843d64a75e174011d2d3780317ee270086031a135
                                                                                  • Instruction Fuzzy Hash: 2421E5A2E1864581EB20AB15DC4426EB3E2FB84B44FC541BAD64D43294DF7CE9458FE1
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                  • String ID: csm
                                                                                  • API String ID: 2573137834-1018135373
                                                                                  • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                  • Instruction ID: a0ec1a7c1c466825b88979c7318d5d08fe60470fec143dcd5847279cbc4e23ad
                                                                                  • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                  • Instruction Fuzzy Hash: C611FE32A18B8582EB619F25E84025AB7E5FB88B98F584235DF8D17754DF3CD5518F00
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1683191472.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                  • String ID: :
                                                                                  • API String ID: 2595371189-336475711
                                                                                  • Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                  • Instruction ID: 92282bdf63ada7944e97f2b22860aa059f6d236d8918709a8d10dbb22cc65e27
                                                                                  • Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                  • Instruction Fuzzy Hash: 3C018F62D1824286F721BF609C6527FA3A2FF48744FC0103BD54D466D9EE3CE9049F24

                                                                                  Execution Graph

                                                                                  Execution Coverage:7.1%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:2000
                                                                                  Total number of Limit Nodes:29
19497 7ff726e20bc8 19500 7ff726e1a948 __free_lconv_mon 11 API calls 19497->19500 19498 7ff726e20ba7 19501 7ff726e14f08 _get_daylight 11 API calls 19498->19501 19502 7ff726e14f08 _get_daylight 11 API calls 19499->19502 19500->19478 19504 7ff726e20bac 19501->19504 19503 7ff726e20c4d 19502->19503 19507 7ff726e1a948 __free_lconv_mon 11 API calls 19504->19507 19505 7ff726e20f3b 19509 7ff726e14f08 _get_daylight 11 API calls 19505->19509 19506->19505 19508 7ff726e20c7a 19506->19508 19507->19488 19510 7ff726e20c97 19508->19510 19652 7ff726e2106c 19508->19652 19511 7ff726e20f40 19509->19511 19514 7ff726e20d0b 19510->19514 19516 7ff726e20cbf 19510->19516 19522 7ff726e20cff 19510->19522 19513 7ff726e1a948 __free_lconv_mon 11 API calls 19511->19513 19513->19503 19518 7ff726e20d33 19514->19518 19523 7ff726e1eb98 _get_daylight 11 API calls 19514->19523 19534 7ff726e20cce 19514->19534 19515 7ff726e20dbe 19525 7ff726e20ddb 19515->19525 19535 7ff726e20e2e 19515->19535 19667 7ff726e196fc 19516->19667 19520 7ff726e1eb98 _get_daylight 11 API calls 19518->19520 19518->19522 19518->19534 19526 7ff726e20d55 19520->19526 19521 7ff726e1a948 __free_lconv_mon 11 API calls 19521->19503 19522->19515 19522->19534 19673 7ff726e26fec 19522->19673 19527 7ff726e20d25 19523->19527 19531 7ff726e1a948 __free_lconv_mon 11 API calls 19525->19531 19532 7ff726e1a948 __free_lconv_mon 11 API calls 19526->19532 19533 7ff726e1a948 __free_lconv_mon 11 API calls 19527->19533 19528 7ff726e20ce7 19528->19522 19537 7ff726e2106c 45 API calls 19528->19537 19529 7ff726e20cc9 19530 7ff726e14f08 _get_daylight 11 API calls 19529->19530 19530->19534 19536 7ff726e20de4 19531->19536 19532->19522 19533->19518 19534->19521 19535->19534 19538 7ff726e233dc 40 API calls 19535->19538 19541 7ff726e233dc 40 API calls 19536->19541 19546 7ff726e20dea 19536->19546 19537->19522 19539 7ff726e20e6c 19538->19539 19540 7ff726e1a948 __free_lconv_mon 11 API calls 19539->19540 19542 7ff726e20e76 19540->19542 19544 7ff726e20e16 19541->19544 
19542->19534 19542->19546 19543 7ff726e20f2f 19545 7ff726e1a948 __free_lconv_mon 11 API calls 19543->19545 19547 7ff726e1a948 __free_lconv_mon 11 API calls 19544->19547 19545->19503 19546->19543 19548 7ff726e1eb98 _get_daylight 11 API calls 19546->19548 19547->19546 19549 7ff726e20ebb 19548->19549 19550 7ff726e20ecc 19549->19550 19551 7ff726e20ec3 19549->19551 19553 7ff726e20474 37 API calls 19550->19553 19552 7ff726e1a948 __free_lconv_mon 11 API calls 19551->19552 19554 7ff726e20eca 19552->19554 19555 7ff726e20eda 19553->19555 19561 7ff726e1a948 __free_lconv_mon 11 API calls 19554->19561 19556 7ff726e20f6f 19555->19556 19557 7ff726e20ee2 SetEnvironmentVariableW 19555->19557 19560 7ff726e1a900 _isindst 17 API calls 19556->19560 19558 7ff726e20f27 19557->19558 19559 7ff726e20f06 19557->19559 19562 7ff726e1a948 __free_lconv_mon 11 API calls 19558->19562 19563 7ff726e14f08 _get_daylight 11 API calls 19559->19563 19564 7ff726e20f83 19560->19564 19561->19503 19562->19543 19565 7ff726e20f0b 19563->19565 19566 7ff726e1a948 __free_lconv_mon 11 API calls 19565->19566 19566->19554 19568 7ff726e20fb9 19567->19568 19569 7ff726e20fa1 19567->19569 19570 7ff726e1eb98 _get_daylight 11 API calls 19568->19570 19569->19443 19576 7ff726e20fdd 19570->19576 19571 7ff726e2103e 19573 7ff726e1a948 __free_lconv_mon 11 API calls 19571->19573 19572 7ff726e1a504 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 19574 7ff726e21068 19572->19574 19573->19569 19575 7ff726e1eb98 _get_daylight 11 API calls 19575->19576 19576->19571 19576->19575 19577 7ff726e1a948 __free_lconv_mon 11 API calls 19576->19577 19578 7ff726e1a4a4 __std_exception_copy 37 API calls 19576->19578 19579 7ff726e2104d 19576->19579 19581 7ff726e21062 19576->19581 19577->19576 19578->19576 19580 7ff726e1a900 _isindst 17 API calls 19579->19580 19580->19581 19581->19572 19583 7ff726e196d0 19582->19583 19585 7ff726e196d9 19582->19585 19583->19585 19697 7ff726e19198 19583->19697 19585->19460 19585->19461 19589 7ff726e27139 
19588->19589 19590 7ff726e26254 19588->19590 19592 7ff726e14f4c 45 API calls 19589->19592 19591 7ff726e26261 19590->19591 19598 7ff726e26297 19590->19598 19595 7ff726e14f08 _get_daylight 11 API calls 19591->19595 19596 7ff726e26208 19591->19596 19594 7ff726e2716d 19592->19594 19593 7ff726e262c1 19597 7ff726e14f08 _get_daylight 11 API calls 19593->19597 19602 7ff726e27183 19594->19602 19605 7ff726e2719a 19594->19605 19617 7ff726e27172 19594->19617 19599 7ff726e2626b 19595->19599 19596->19454 19600 7ff726e262c6 19597->19600 19598->19593 19601 7ff726e262e6 19598->19601 19603 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19599->19603 19604 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19600->19604 19610 7ff726e14f4c 45 API calls 19601->19610 19615 7ff726e262d1 19601->19615 19606 7ff726e14f08 _get_daylight 11 API calls 19602->19606 19607 7ff726e26276 19603->19607 19604->19615 19608 7ff726e271a4 19605->19608 19609 7ff726e271b6 19605->19609 19611 7ff726e27188 19606->19611 19607->19454 19612 7ff726e14f08 _get_daylight 11 API calls 19608->19612 19613 7ff726e271c7 19609->19613 19614 7ff726e271de 19609->19614 19610->19615 19616 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19611->19616 19618 7ff726e271a9 19612->19618 19920 7ff726e262a4 19613->19920 19929 7ff726e28f4c 19614->19929 19615->19454 19616->19617 19617->19454 19621 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19618->19621 19621->19617 19623 7ff726e14f08 _get_daylight 11 API calls 19623->19617 19625 7ff726e2341b 19624->19625 19626 7ff726e233fe 19624->19626 19628 7ff726e23425 19625->19628 19969 7ff726e27c38 19625->19969 19626->19625 19627 7ff726e2340c 19626->19627 19629 7ff726e14f08 _get_daylight 11 API calls 19627->19629 19976 7ff726e27c74 19628->19976 19632 7ff726e23411 __scrt_get_show_window_mode 19629->19632 19632->19479 19634 7ff726e14f4c 45 API calls 19633->19634 19635 7ff726e272aa 19634->19635 19638 7ff726e272b8 19635->19638 19988 7ff726e1ef24 19635->19988 19991 7ff726e154ac 19638->19991 
19640 7ff726e273a4 19643 7ff726e273b5 19640->19643 19644 7ff726e1a948 __free_lconv_mon 11 API calls 19640->19644 19641 7ff726e14f4c 45 API calls 19642 7ff726e27327 19641->19642 19646 7ff726e1ef24 5 API calls 19642->19646 19649 7ff726e27330 19642->19649 19645 7ff726e20ba3 19643->19645 19647 7ff726e1a948 __free_lconv_mon 11 API calls 19643->19647 19644->19643 19645->19497 19645->19498 19646->19649 19647->19645 19648 7ff726e154ac 14 API calls 19650 7ff726e2738b 19648->19650 19649->19648 19650->19640 19651 7ff726e27393 SetEnvironmentVariableW 19650->19651 19651->19640 19653 7ff726e210ac 19652->19653 19654 7ff726e2108f 19652->19654 19655 7ff726e1eb98 _get_daylight 11 API calls 19653->19655 19654->19510 19662 7ff726e210d0 19655->19662 19656 7ff726e21154 19658 7ff726e1a504 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 19656->19658 19657 7ff726e21131 19659 7ff726e1a948 __free_lconv_mon 11 API calls 19657->19659 19660 7ff726e2115a 19658->19660 19659->19654 19661 7ff726e1eb98 _get_daylight 11 API calls 19661->19662 19662->19656 19662->19657 19662->19661 19663 7ff726e1a948 __free_lconv_mon 11 API calls 19662->19663 19664 7ff726e20474 37 API calls 19662->19664 19665 7ff726e21140 19662->19665 19663->19662 19664->19662 19666 7ff726e1a900 _isindst 17 API calls 19665->19666 19666->19656 19668 7ff726e1970c 19667->19668 19669 7ff726e19715 19667->19669 19668->19669 20013 7ff726e1920c 19668->20013 19669->19528 19669->19529 19674 7ff726e26ff9 19673->19674 19678 7ff726e27026 19673->19678 19675 7ff726e26ffe 19674->19675 19674->19678 19676 7ff726e14f08 _get_daylight 11 API calls 19675->19676 19679 7ff726e27003 19676->19679 19677 7ff726e2706a 19680 7ff726e14f08 _get_daylight 11 API calls 19677->19680 19678->19677 19681 7ff726e27089 19678->19681 19695 7ff726e2705e __crtLCMapStringW 19678->19695 19682 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19679->19682 19683 7ff726e2706f 19680->19683 19684 7ff726e27093 19681->19684 19685 7ff726e270a5 19681->19685 19686 7ff726e2700e 
19682->19686 19687 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19683->19687 19688 7ff726e14f08 _get_daylight 11 API calls 19684->19688 19689 7ff726e14f4c 45 API calls 19685->19689 19686->19522 19687->19695 19690 7ff726e27098 19688->19690 19691 7ff726e270b2 19689->19691 19692 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19690->19692 19691->19695 20060 7ff726e28b08 19691->20060 19692->19695 19695->19522 19696 7ff726e14f08 _get_daylight 11 API calls 19696->19695 19698 7ff726e191b1 19697->19698 19707 7ff726e191ad 19697->19707 19720 7ff726e225f0 19698->19720 19703 7ff726e191cf 19746 7ff726e1927c 19703->19746 19704 7ff726e191c3 19705 7ff726e1a948 __free_lconv_mon 11 API calls 19704->19705 19705->19707 19707->19585 19712 7ff726e194ec 19707->19712 19709 7ff726e1a948 __free_lconv_mon 11 API calls 19710 7ff726e191f6 19709->19710 19711 7ff726e1a948 __free_lconv_mon 11 API calls 19710->19711 19711->19707 19713 7ff726e1952e 19712->19713 19714 7ff726e19515 19712->19714 19713->19714 19715 7ff726e1eb98 _get_daylight 11 API calls 19713->19715 19716 7ff726e195be 19713->19716 19717 7ff726e207e8 WideCharToMultiByte 19713->19717 19719 7ff726e1a948 __free_lconv_mon 11 API calls 19713->19719 19714->19585 19715->19713 19718 7ff726e1a948 __free_lconv_mon 11 API calls 19716->19718 19717->19713 19718->19714 19719->19713 19721 7ff726e191b6 19720->19721 19722 7ff726e225fd 19720->19722 19726 7ff726e2292c GetEnvironmentStringsW 19721->19726 19765 7ff726e1b224 19722->19765 19727 7ff726e191bb 19726->19727 19728 7ff726e2295c 19726->19728 19727->19703 19727->19704 19729 7ff726e207e8 WideCharToMultiByte 19728->19729 19730 7ff726e229ad 19729->19730 19731 7ff726e229b4 FreeEnvironmentStringsW 19730->19731 19732 7ff726e1d5fc _fread_nolock 12 API calls 19730->19732 19731->19727 19733 7ff726e229c7 19732->19733 19734 7ff726e229d8 19733->19734 19735 7ff726e229cf 19733->19735 19737 7ff726e207e8 WideCharToMultiByte 19734->19737 19736 7ff726e1a948 __free_lconv_mon 11 API calls 19735->19736 19738 
7ff726e229d6 19736->19738 19739 7ff726e229fb 19737->19739 19738->19731 19740 7ff726e22a09 19739->19740 19741 7ff726e229ff 19739->19741 19743 7ff726e1a948 __free_lconv_mon 11 API calls 19740->19743 19742 7ff726e1a948 __free_lconv_mon 11 API calls 19741->19742 19744 7ff726e22a07 FreeEnvironmentStringsW 19742->19744 19743->19744 19744->19727 19747 7ff726e192a1 19746->19747 19748 7ff726e1eb98 _get_daylight 11 API calls 19747->19748 19760 7ff726e192d7 19748->19760 19749 7ff726e192df 19750 7ff726e1a948 __free_lconv_mon 11 API calls 19749->19750 19752 7ff726e191d7 19750->19752 19751 7ff726e19352 19753 7ff726e1a948 __free_lconv_mon 11 API calls 19751->19753 19752->19709 19753->19752 19754 7ff726e1eb98 _get_daylight 11 API calls 19754->19760 19755 7ff726e19341 19914 7ff726e194a8 19755->19914 19756 7ff726e1a4a4 __std_exception_copy 37 API calls 19756->19760 19759 7ff726e19377 19762 7ff726e1a900 _isindst 17 API calls 19759->19762 19760->19749 19760->19751 19760->19754 19760->19755 19760->19756 19760->19759 19763 7ff726e1a948 __free_lconv_mon 11 API calls 19760->19763 19761 7ff726e1a948 __free_lconv_mon 11 API calls 19761->19749 19764 7ff726e1938a 19762->19764 19763->19760 19766 7ff726e1b250 FlsSetValue 19765->19766 19767 7ff726e1b235 FlsGetValue 19765->19767 19768 7ff726e1b25d 19766->19768 19769 7ff726e1b242 19766->19769 19767->19769 19770 7ff726e1b24a 19767->19770 19773 7ff726e1eb98 _get_daylight 11 API calls 19768->19773 19771 7ff726e1b248 19769->19771 19772 7ff726e1a504 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 19769->19772 19770->19766 19785 7ff726e222c4 19771->19785 19774 7ff726e1b2c5 19772->19774 19775 7ff726e1b26c 19773->19775 19776 7ff726e1b28a FlsSetValue 19775->19776 19777 7ff726e1b27a FlsSetValue 19775->19777 19779 7ff726e1b2a8 19776->19779 19780 7ff726e1b296 FlsSetValue 19776->19780 19778 7ff726e1b283 19777->19778 19781 7ff726e1a948 __free_lconv_mon 11 API calls 19778->19781 19782 7ff726e1aef4 _get_daylight 11 API calls 19779->19782 19780->19778 
19781->19769 19783 7ff726e1b2b0 19782->19783 19784 7ff726e1a948 __free_lconv_mon 11 API calls 19783->19784 19784->19771 19808 7ff726e22534 19785->19808 19787 7ff726e222f9 19823 7ff726e21fc4 19787->19823 19790 7ff726e22316 19790->19721 19791 7ff726e1d5fc _fread_nolock 12 API calls 19792 7ff726e22327 19791->19792 19793 7ff726e2232f 19792->19793 19795 7ff726e2233e 19792->19795 19794 7ff726e1a948 __free_lconv_mon 11 API calls 19793->19794 19794->19790 19795->19795 19830 7ff726e2266c 19795->19830 19798 7ff726e2243a 19799 7ff726e14f08 _get_daylight 11 API calls 19798->19799 19801 7ff726e2243f 19799->19801 19800 7ff726e22495 19803 7ff726e224fc 19800->19803 19841 7ff726e21df4 19800->19841 19804 7ff726e1a948 __free_lconv_mon 11 API calls 19801->19804 19802 7ff726e22454 19802->19800 19805 7ff726e1a948 __free_lconv_mon 11 API calls 19802->19805 19807 7ff726e1a948 __free_lconv_mon 11 API calls 19803->19807 19804->19790 19805->19800 19807->19790 19809 7ff726e22557 19808->19809 19812 7ff726e22561 19809->19812 19856 7ff726e202d8 EnterCriticalSection 19809->19856 19811 7ff726e225d3 19811->19787 19812->19811 19815 7ff726e1a504 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 19812->19815 19816 7ff726e225eb 19815->19816 19818 7ff726e22642 19816->19818 19820 7ff726e1b224 50 API calls 19816->19820 19818->19787 19821 7ff726e2262c 19820->19821 19822 7ff726e222c4 65 API calls 19821->19822 19822->19818 19824 7ff726e14f4c 45 API calls 19823->19824 19825 7ff726e21fd8 19824->19825 19826 7ff726e21fe4 GetOEMCP 19825->19826 19827 7ff726e21ff6 19825->19827 19829 7ff726e2200b 19826->19829 19828 7ff726e21ffb GetACP 19827->19828 19827->19829 19828->19829 19829->19790 19829->19791 19831 7ff726e21fc4 47 API calls 19830->19831 19832 7ff726e22699 19831->19832 19833 7ff726e227ef 19832->19833 19835 7ff726e226d6 IsValidCodePage 19832->19835 19840 7ff726e226f0 __scrt_get_show_window_mode 19832->19840 19834 7ff726e0c550 _log10_special 8 API calls 19833->19834 19836 7ff726e22431 19834->19836 
19835->19833 19837 7ff726e226e7 19835->19837 19836->19798 19836->19802 19838 7ff726e22716 GetCPInfo 19837->19838 19837->19840 19838->19833 19838->19840 19857 7ff726e220dc 19840->19857 19913 7ff726e202d8 EnterCriticalSection 19841->19913 19858 7ff726e22119 GetCPInfo 19857->19858 19859 7ff726e2220f 19857->19859 19858->19859 19865 7ff726e2212c 19858->19865 19860 7ff726e0c550 _log10_special 8 API calls 19859->19860 19862 7ff726e222ae 19860->19862 19861 7ff726e22e40 48 API calls 19863 7ff726e221a3 19861->19863 19862->19833 19868 7ff726e27b84 19863->19868 19865->19861 19867 7ff726e27b84 54 API calls 19867->19859 19869 7ff726e14f4c 45 API calls 19868->19869 19870 7ff726e27ba9 19869->19870 19873 7ff726e27850 19870->19873 19874 7ff726e27891 19873->19874 19875 7ff726e1f8a0 _fread_nolock MultiByteToWideChar 19874->19875 19879 7ff726e278db 19875->19879 19876 7ff726e27b59 19878 7ff726e0c550 _log10_special 8 API calls 19876->19878 19877 7ff726e27a11 19877->19876 19882 7ff726e1a948 __free_lconv_mon 11 API calls 19877->19882 19880 7ff726e221d6 19878->19880 19879->19876 19879->19877 19881 7ff726e1d5fc _fread_nolock 12 API calls 19879->19881 19883 7ff726e27913 19879->19883 19880->19867 19881->19883 19882->19876 19883->19877 19884 7ff726e1f8a0 _fread_nolock MultiByteToWideChar 19883->19884 19885 7ff726e27986 19884->19885 19885->19877 19904 7ff726e1f0e4 19885->19904 19888 7ff726e27a22 19890 7ff726e1d5fc _fread_nolock 12 API calls 19888->19890 19892 7ff726e27af4 19888->19892 19893 7ff726e27a40 19888->19893 19889 7ff726e279d1 19889->19877 19891 7ff726e1f0e4 __crtLCMapStringW 6 API calls 19889->19891 19890->19893 19891->19877 19892->19877 19894 7ff726e1a948 __free_lconv_mon 11 API calls 19892->19894 19893->19877 19895 7ff726e1f0e4 __crtLCMapStringW 6 API calls 19893->19895 19894->19877 19896 7ff726e27ac0 19895->19896 19896->19892 19897 7ff726e27ae0 19896->19897 19898 7ff726e27af6 19896->19898 19899 7ff726e207e8 WideCharToMultiByte 19897->19899 19900 7ff726e207e8 WideCharToMultiByte 
19898->19900 19901 7ff726e27aee 19899->19901 19900->19901 19901->19892 19902 7ff726e27b0e 19901->19902 19902->19877 19903 7ff726e1a948 __free_lconv_mon 11 API calls 19902->19903 19903->19877 19905 7ff726e1ed10 __crtLCMapStringW 5 API calls 19904->19905 19906 7ff726e1f122 19905->19906 19907 7ff726e1f12a 19906->19907 19910 7ff726e1f1d0 19906->19910 19907->19877 19907->19888 19907->19889 19909 7ff726e1f193 LCMapStringW 19909->19907 19911 7ff726e1ed10 __crtLCMapStringW 5 API calls 19910->19911 19912 7ff726e1f1fe __crtLCMapStringW 19911->19912 19912->19909 19915 7ff726e194ad 19914->19915 19919 7ff726e19349 19914->19919 19916 7ff726e194d6 19915->19916 19917 7ff726e1a948 __free_lconv_mon 11 API calls 19915->19917 19918 7ff726e1a948 __free_lconv_mon 11 API calls 19916->19918 19917->19915 19918->19919 19919->19761 19921 7ff726e262d8 19920->19921 19922 7ff726e262c1 19920->19922 19921->19922 19925 7ff726e262e6 19921->19925 19923 7ff726e14f08 _get_daylight 11 API calls 19922->19923 19924 7ff726e262c6 19923->19924 19926 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19924->19926 19927 7ff726e14f4c 45 API calls 19925->19927 19928 7ff726e262d1 19925->19928 19926->19928 19927->19928 19928->19617 19930 7ff726e14f4c 45 API calls 19929->19930 19931 7ff726e28f71 19930->19931 19934 7ff726e28bc8 19931->19934 19937 7ff726e28c16 19934->19937 19935 7ff726e0c550 _log10_special 8 API calls 19936 7ff726e27205 19935->19936 19936->19617 19936->19623 19938 7ff726e28c9d 19937->19938 19940 7ff726e28c88 GetCPInfo 19937->19940 19941 7ff726e28ca1 19937->19941 19939 7ff726e1f8a0 _fread_nolock MultiByteToWideChar 19938->19939 19938->19941 19942 7ff726e28d35 19939->19942 19940->19938 19940->19941 19941->19935 19942->19941 19943 7ff726e1d5fc _fread_nolock 12 API calls 19942->19943 19944 7ff726e28d6c 19942->19944 19943->19944 19944->19941 19945 7ff726e1f8a0 _fread_nolock MultiByteToWideChar 19944->19945 19946 7ff726e28dda 19945->19946 19947 7ff726e28ebc 19946->19947 19948 7ff726e1f8a0 _fread_nolock 
MultiByteToWideChar 19946->19948 19947->19941 19949 7ff726e1a948 __free_lconv_mon 11 API calls 19947->19949 19950 7ff726e28e00 19948->19950 19949->19941 19950->19947 19951 7ff726e1d5fc _fread_nolock 12 API calls 19950->19951 19952 7ff726e28e2d 19950->19952 19951->19952 19952->19947 19953 7ff726e1f8a0 _fread_nolock MultiByteToWideChar 19952->19953 19954 7ff726e28ea4 19953->19954 19955 7ff726e28eaa 19954->19955 19956 7ff726e28ec4 19954->19956 19955->19947 19958 7ff726e1a948 __free_lconv_mon 11 API calls 19955->19958 19963 7ff726e1ef68 19956->19963 19958->19947 19960 7ff726e28f03 19960->19941 19962 7ff726e1a948 __free_lconv_mon 11 API calls 19960->19962 19961 7ff726e1a948 __free_lconv_mon 11 API calls 19961->19960 19962->19941 19964 7ff726e1ed10 __crtLCMapStringW 5 API calls 19963->19964 19965 7ff726e1efa6 19964->19965 19966 7ff726e1efae 19965->19966 19967 7ff726e1f1d0 __crtLCMapStringW 5 API calls 19965->19967 19966->19960 19966->19961 19968 7ff726e1f017 CompareStringW 19967->19968 19968->19966 19970 7ff726e27c5a HeapSize 19969->19970 19971 7ff726e27c41 19969->19971 19972 7ff726e14f08 _get_daylight 11 API calls 19971->19972 19973 7ff726e27c46 19972->19973 19974 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19973->19974 19975 7ff726e27c51 19974->19975 19975->19628 19977 7ff726e27c89 19976->19977 19978 7ff726e27c93 19976->19978 19979 7ff726e1d5fc _fread_nolock 12 API calls 19977->19979 19980 7ff726e27c98 19978->19980 19987 7ff726e27c9f _get_daylight 19978->19987 19985 7ff726e27c91 19979->19985 19981 7ff726e1a948 __free_lconv_mon 11 API calls 19980->19981 19981->19985 19982 7ff726e27cd2 HeapReAlloc 19982->19985 19982->19987 19983 7ff726e27ca5 19984 7ff726e14f08 _get_daylight 11 API calls 19983->19984 19984->19985 19985->19632 19986 7ff726e23590 _get_daylight 2 API calls 19986->19987 19987->19982 19987->19983 19987->19986 19989 7ff726e1ed10 __crtLCMapStringW 5 API calls 19988->19989 19990 7ff726e1ef44 19989->19990 19990->19638 19992 7ff726e154fa 19991->19992 19993 
7ff726e154d6 19991->19993 19994 7ff726e154ff 19992->19994 19995 7ff726e15554 19992->19995 19996 7ff726e154e5 19993->19996 19998 7ff726e1a948 __free_lconv_mon 11 API calls 19993->19998 19994->19996 19999 7ff726e15514 19994->19999 20000 7ff726e1a948 __free_lconv_mon 11 API calls 19994->20000 19997 7ff726e1f8a0 _fread_nolock MultiByteToWideChar 19995->19997 19996->19640 19996->19641 20004 7ff726e15570 19997->20004 19998->19996 20001 7ff726e1d5fc _fread_nolock 12 API calls 19999->20001 20000->19999 20001->19996 20002 7ff726e15577 GetLastError 20003 7ff726e14e7c _fread_nolock 11 API calls 20002->20003 20006 7ff726e15584 20003->20006 20004->20002 20007 7ff726e1a948 __free_lconv_mon 11 API calls 20004->20007 20011 7ff726e155a5 20004->20011 20012 7ff726e155b2 20004->20012 20005 7ff726e1f8a0 _fread_nolock MultiByteToWideChar 20009 7ff726e155f6 20005->20009 20010 7ff726e14f08 _get_daylight 11 API calls 20006->20010 20007->20011 20008 7ff726e1d5fc _fread_nolock 12 API calls 20008->20012 20009->19996 20009->20002 20010->19996 20011->20008 20012->19996 20012->20005 20014 7ff726e19225 20013->20014 20021 7ff726e19221 20013->20021 20034 7ff726e22a3c GetEnvironmentStringsW 20014->20034 20017 7ff726e1923e 20041 7ff726e1938c 20017->20041 20018 7ff726e19232 20019 7ff726e1a948 __free_lconv_mon 11 API calls 20018->20019 20019->20021 20021->19669 20026 7ff726e195cc 20021->20026 20023 7ff726e1a948 __free_lconv_mon 11 API calls 20024 7ff726e19265 20023->20024 20025 7ff726e1a948 __free_lconv_mon 11 API calls 20024->20025 20025->20021 20027 7ff726e195ef 20026->20027 20032 7ff726e19606 20026->20032 20027->19669 20028 7ff726e1f8a0 MultiByteToWideChar _fread_nolock 20028->20032 20029 7ff726e1eb98 _get_daylight 11 API calls 20029->20032 20030 7ff726e1967a 20031 7ff726e1a948 __free_lconv_mon 11 API calls 20030->20031 20031->20027 20032->20027 20032->20028 20032->20029 20032->20030 20033 7ff726e1a948 __free_lconv_mon 11 API calls 20032->20033 20033->20032 20035 7ff726e22a60 20034->20035 20036 
7ff726e1922a 20034->20036 20037 7ff726e1d5fc _fread_nolock 12 API calls 20035->20037 20036->20017 20036->20018 20038 7ff726e22a97 memcpy_s 20037->20038 20039 7ff726e1a948 __free_lconv_mon 11 API calls 20038->20039 20040 7ff726e22ab7 FreeEnvironmentStringsW 20039->20040 20040->20036 20042 7ff726e193b4 20041->20042 20043 7ff726e1eb98 _get_daylight 11 API calls 20042->20043 20054 7ff726e193ef 20043->20054 20044 7ff726e1a948 __free_lconv_mon 11 API calls 20046 7ff726e19246 20044->20046 20045 7ff726e19471 20047 7ff726e1a948 __free_lconv_mon 11 API calls 20045->20047 20046->20023 20047->20046 20048 7ff726e1eb98 _get_daylight 11 API calls 20048->20054 20049 7ff726e19460 20051 7ff726e194a8 11 API calls 20049->20051 20050 7ff726e20474 37 API calls 20050->20054 20052 7ff726e19468 20051->20052 20053 7ff726e1a948 __free_lconv_mon 11 API calls 20052->20053 20056 7ff726e193f7 20053->20056 20054->20045 20054->20048 20054->20049 20054->20050 20055 7ff726e19494 20054->20055 20054->20056 20058 7ff726e1a948 __free_lconv_mon 11 API calls 20054->20058 20057 7ff726e1a900 _isindst 17 API calls 20055->20057 20056->20044 20059 7ff726e194a6 20057->20059 20058->20054 20061 7ff726e28b31 __crtLCMapStringW 20060->20061 20062 7ff726e1ef68 6 API calls 20061->20062 20063 7ff726e270ee 20061->20063 20062->20063 20063->19695 20063->19696 19029 7ff726e1afd0 19030 7ff726e1afd5 19029->19030 19034 7ff726e1afea 19029->19034 19035 7ff726e1aff0 19030->19035 19036 7ff726e1b03a 19035->19036 19037 7ff726e1b032 19035->19037 19039 7ff726e1a948 __free_lconv_mon 11 API calls 19036->19039 19038 7ff726e1a948 __free_lconv_mon 11 API calls 19037->19038 19038->19036 19040 7ff726e1b047 19039->19040 19041 7ff726e1a948 __free_lconv_mon 11 API calls 19040->19041 19042 7ff726e1b054 19041->19042 19043 7ff726e1a948 __free_lconv_mon 11 API calls 19042->19043 19044 7ff726e1b061 19043->19044 19045 7ff726e1a948 __free_lconv_mon 11 API calls 19044->19045 19046 7ff726e1b06e 19045->19046 19047 7ff726e1a948 __free_lconv_mon 11 API 
calls 19046->19047 19048 7ff726e1b07b 19047->19048 19049 7ff726e1a948 __free_lconv_mon 11 API calls 19048->19049 19050 7ff726e1b088 19049->19050 19051 7ff726e1a948 __free_lconv_mon 11 API calls 19050->19051 19052 7ff726e1b095 19051->19052 19053 7ff726e1a948 __free_lconv_mon 11 API calls 19052->19053 19054 7ff726e1b0a5 19053->19054 19055 7ff726e1a948 __free_lconv_mon 11 API calls 19054->19055 19056 7ff726e1b0b5 19055->19056 19061 7ff726e1ae94 19056->19061 19075 7ff726e202d8 EnterCriticalSection 19061->19075 19261 7ff726e19d50 19264 7ff726e19ccc 19261->19264 19271 7ff726e202d8 EnterCriticalSection 19264->19271 19272 7ff726e0cb50 19273 7ff726e0cb60 19272->19273 19289 7ff726e19ba8 19273->19289 19275 7ff726e0cb6c 19295 7ff726e0ce48 19275->19295 19277 7ff726e0d12c 7 API calls 19279 7ff726e0cc05 19277->19279 19278 7ff726e0cb84 _RTC_Initialize 19287 7ff726e0cbd9 19278->19287 19300 7ff726e0cff8 19278->19300 19281 7ff726e0cb99 19303 7ff726e19014 19281->19303 19287->19277 19288 7ff726e0cbf5 19287->19288 19290 7ff726e19bb9 19289->19290 19291 7ff726e14f08 _get_daylight 11 API calls 19290->19291 19292 7ff726e19bc1 19290->19292 19293 7ff726e19bd0 19291->19293 19292->19275 19294 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19293->19294 19294->19292 19296 7ff726e0ce59 19295->19296 19297 7ff726e0ce5e __scrt_release_startup_lock 19295->19297 19296->19297 19298 7ff726e0d12c 7 API calls 19296->19298 19297->19278 19299 7ff726e0ced2 19298->19299 19328 7ff726e0cfbc 19300->19328 19302 7ff726e0d001 19302->19281 19304 7ff726e19034 19303->19304 19305 7ff726e0cba5 19303->19305 19306 7ff726e1903c 19304->19306 19307 7ff726e19052 GetModuleFileNameW 19304->19307 19305->19287 19327 7ff726e0d0cc InitializeSListHead 19305->19327 19308 7ff726e14f08 _get_daylight 11 API calls 19306->19308 19311 7ff726e1907d 19307->19311 19309 7ff726e19041 19308->19309 19310 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 19309->19310 19310->19305 19343 7ff726e18fb4 19311->19343 19314 7ff726e190c5 19315 
18777 7ff726e01c80 49 API calls 18776->18777 18778 7ff726e04474 18777->18778 18778->16876 18839 7ff726e1b150 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18838->18839 18840 7ff726e1a3e1 18839->18840 18841 7ff726e1a504 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18840->18841 18842 7ff726e1a401 18841->18842 15920 7ff726e15628 15921 7ff726e1565f 15920->15921 15922 7ff726e15642 15920->15922 15921->15922 15924 7ff726e15672 CreateFileW 15921->15924 15945 7ff726e14ee8 15922->15945 15926 7ff726e156dc 15924->15926 15927 7ff726e156a6 15924->15927 15980 7ff726e15c04 15926->15980 15954 7ff726e1577c GetFileType 15927->15954 15934 7ff726e156bb CloseHandle 15939 7ff726e1565a 15934->15939 15935 7ff726e156d1 CloseHandle 15935->15939 15936 7ff726e15710 16006 7ff726e159c4 15936->16006 15937 7ff726e156e5 16001 7ff726e14e7c 15937->16001 15942 7ff726e156ef 15942->15939 16023 7ff726e1b2c8 GetLastError 15945->16023 15947 7ff726e14ef1 15948 7ff726e14f08 15947->15948 15949 7ff726e1b2c8 _get_daylight 11 API calls 15948->15949 15950 7ff726e14f11 15949->15950 15951 7ff726e1a8e0 15950->15951 16081 7ff726e1a778 15951->16081 15953 7ff726e1a8f9 15953->15939 15955 7ff726e15887 15954->15955 15956 7ff726e157ca 15954->15956 15958 7ff726e1588f 15955->15958 15959 7ff726e158b1 15955->15959 15957 7ff726e157f6 GetFileInformationByHandle 15956->15957 15960 7ff726e15b00 21 API calls 15956->15960 15961 7ff726e1581f 15957->15961 15962 7ff726e158a2 GetLastError 15957->15962 15958->15962 15963 7ff726e15893 15958->15963 15964 7ff726e158d4 PeekNamedPipe 15959->15964 15971 7ff726e15872 15959->15971 15965 7ff726e157e4 15960->15965 15966 7ff726e159c4 51 API calls 15961->15966 15968 7ff726e14e7c _fread_nolock 11 API calls 15962->15968 15967 7ff726e14f08 _get_daylight 11 API calls 15963->15967 15964->15971 15965->15957 15965->15971 15970 7ff726e1582a 15966->15970 15967->15971 15968->15971 15969 7ff726e0c550 _log10_special 8 API calls 15972 7ff726e156b4 15969->15972 16147 7ff726e15924 15970->16147 
15971->15969 15972->15934 15972->15935 15975 7ff726e15924 10 API calls 15976 7ff726e15849 15975->15976 15977 7ff726e15924 10 API calls 15976->15977 15978 7ff726e1585a 15977->15978 15978->15971 15979 7ff726e14f08 _get_daylight 11 API calls 15978->15979 15979->15971 15981 7ff726e15c3a 15980->15981 15982 7ff726e14f08 _get_daylight 11 API calls 15981->15982 16000 7ff726e15cd2 __std_exception_destroy 15981->16000 15984 7ff726e15c4c 15982->15984 15983 7ff726e0c550 _log10_special 8 API calls 15985 7ff726e156e1 15983->15985 15986 7ff726e14f08 _get_daylight 11 API calls 15984->15986 15985->15936 15985->15937 15987 7ff726e15c54 15986->15987 16154 7ff726e17e08 15987->16154 15989 7ff726e15c69 15990 7ff726e15c7b 15989->15990 15991 7ff726e15c71 15989->15991 15993 7ff726e14f08 _get_daylight 11 API calls 15990->15993 15992 7ff726e14f08 _get_daylight 11 API calls 15991->15992 15997 7ff726e15c76 15992->15997 15994 7ff726e15c80 15993->15994 15995 7ff726e14f08 _get_daylight 11 API calls 15994->15995 15994->16000 15996 7ff726e15c8a 15995->15996 15998 7ff726e17e08 45 API calls 15996->15998 15999 7ff726e15cc4 GetDriveTypeW 15997->15999 15997->16000 15998->15997 15999->16000 16000->15983 16002 7ff726e1b2c8 _get_daylight 11 API calls 16001->16002 16003 7ff726e14e89 __free_lconv_mon 16002->16003 16004 7ff726e1b2c8 _get_daylight 11 API calls 16003->16004 16005 7ff726e14eab 16004->16005 16005->15942 16008 7ff726e159ec 16006->16008 16007 7ff726e1571d 16016 7ff726e15b00 16007->16016 16008->16007 16248 7ff726e1f724 16008->16248 16010 7ff726e15a80 16010->16007 16011 7ff726e1f724 51 API calls 16010->16011 16012 7ff726e15a93 16011->16012 16012->16007 16013 7ff726e1f724 51 API calls 16012->16013 16014 7ff726e15aa6 16013->16014 16014->16007 16015 7ff726e1f724 51 API calls 16014->16015 16015->16007 16017 7ff726e15b1a 16016->16017 16018 7ff726e15b51 16017->16018 16019 7ff726e15b2a 16017->16019 16020 7ff726e1f5b8 21 API calls 16018->16020 16021 7ff726e14e7c _fread_nolock 11 API calls 16019->16021 16022 
7ff726e15b3a 16019->16022 16020->16022 16021->16022 16022->15942 16024 7ff726e1b309 FlsSetValue 16023->16024 16030 7ff726e1b2ec 16023->16030 16025 7ff726e1b31b 16024->16025 16029 7ff726e1b2f9 SetLastError 16024->16029 16040 7ff726e1eb98 16025->16040 16028 7ff726e1b32a 16031 7ff726e1b348 FlsSetValue 16028->16031 16032 7ff726e1b338 FlsSetValue 16028->16032 16029->15947 16030->16024 16030->16029 16034 7ff726e1b354 FlsSetValue 16031->16034 16035 7ff726e1b366 16031->16035 16033 7ff726e1b341 16032->16033 16047 7ff726e1a948 16033->16047 16034->16033 16053 7ff726e1aef4 16035->16053 16045 7ff726e1eba9 _get_daylight 16040->16045 16041 7ff726e1ebfa 16044 7ff726e14f08 _get_daylight 10 API calls 16041->16044 16042 7ff726e1ebde HeapAlloc 16043 7ff726e1ebf8 16042->16043 16042->16045 16043->16028 16044->16043 16045->16041 16045->16042 16058 7ff726e23590 16045->16058 16048 7ff726e1a94d HeapFree 16047->16048 16049 7ff726e1a97c 16047->16049 16048->16049 16050 7ff726e1a968 GetLastError 16048->16050 16049->16029 16051 7ff726e1a975 __free_lconv_mon 16050->16051 16052 7ff726e14f08 _get_daylight 9 API calls 16051->16052 16052->16049 16067 7ff726e1adcc 16053->16067 16061 7ff726e235d0 16058->16061 16066 7ff726e202d8 EnterCriticalSection 16061->16066 16079 7ff726e202d8 EnterCriticalSection 16067->16079 16082 7ff726e1a7a3 16081->16082 16085 7ff726e1a814 16082->16085 16084 7ff726e1a7ca 16084->15953 16095 7ff726e1a55c 16085->16095 16089 7ff726e1a84f 16089->16084 16096 7ff726e1a578 GetLastError 16095->16096 16097 7ff726e1a5b3 16095->16097 16098 7ff726e1a588 16096->16098 16097->16089 16101 7ff726e1a5c8 16097->16101 16108 7ff726e1b390 16098->16108 16102 7ff726e1a5fc 16101->16102 16103 7ff726e1a5e4 GetLastError SetLastError 16101->16103 16102->16089 16104 7ff726e1a900 IsProcessorFeaturePresent 16102->16104 16103->16102 16105 7ff726e1a913 16104->16105 16125 7ff726e1a614 16105->16125 16109 7ff726e1b3ca FlsSetValue 16108->16109 16110 7ff726e1b3af FlsGetValue 16108->16110 16112 7ff726e1b3d7 
16109->16112 16113 7ff726e1a5a3 SetLastError 16109->16113 16111 7ff726e1b3c4 16110->16111 16110->16113 16111->16109 16114 7ff726e1eb98 _get_daylight 11 API calls 16112->16114 16113->16097 16115 7ff726e1b3e6 16114->16115 16116 7ff726e1b404 FlsSetValue 16115->16116 16117 7ff726e1b3f4 FlsSetValue 16115->16117 16119 7ff726e1b410 FlsSetValue 16116->16119 16120 7ff726e1b422 16116->16120 16118 7ff726e1b3fd 16117->16118 16121 7ff726e1a948 __free_lconv_mon 11 API calls 16118->16121 16119->16118 16122 7ff726e1aef4 _get_daylight 11 API calls 16120->16122 16121->16113 16123 7ff726e1b42a 16122->16123 16124 7ff726e1a948 __free_lconv_mon 11 API calls 16123->16124 16124->16113 16126 7ff726e1a64e _isindst __scrt_get_show_window_mode 16125->16126 16127 7ff726e1a676 RtlCaptureContext RtlLookupFunctionEntry 16126->16127 16128 7ff726e1a6b0 RtlVirtualUnwind 16127->16128 16129 7ff726e1a6e6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16127->16129 16128->16129 16130 7ff726e1a738 _isindst 16129->16130 16133 7ff726e0c550 16130->16133 16134 7ff726e0c559 16133->16134 16135 7ff726e0c564 GetCurrentProcess TerminateProcess 16134->16135 16136 7ff726e0c8e0 IsProcessorFeaturePresent 16134->16136 16137 7ff726e0c8f8 16136->16137 16142 7ff726e0cad8 RtlCaptureContext 16137->16142 16143 7ff726e0caf2 RtlLookupFunctionEntry 16142->16143 16144 7ff726e0cb08 RtlVirtualUnwind 16143->16144 16145 7ff726e0c90b 16143->16145 16144->16143 16144->16145 16146 7ff726e0c8a0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16145->16146 16148 7ff726e1594d FileTimeToSystemTime 16147->16148 16149 7ff726e15940 16147->16149 16150 7ff726e15948 16148->16150 16151 7ff726e15961 SystemTimeToTzSpecificLocalTime 16148->16151 16149->16148 16149->16150 16152 7ff726e0c550 _log10_special 8 API calls 16150->16152 16151->16150 16153 7ff726e15839 16152->16153 16153->15975 16155 7ff726e17e92 16154->16155 16156 7ff726e17e24 16154->16156 16191 7ff726e207c0 16155->16191 
16156->16155 16157 7ff726e17e29 16156->16157 16159 7ff726e17e5e 16157->16159 16160 7ff726e17e41 16157->16160 16174 7ff726e17c4c GetFullPathNameW 16159->16174 16166 7ff726e17bd8 GetFullPathNameW 16160->16166 16165 7ff726e17e56 __std_exception_destroy 16165->15989 16167 7ff726e17bfe GetLastError 16166->16167 16169 7ff726e17c14 16166->16169 16168 7ff726e14e7c _fread_nolock 11 API calls 16167->16168 16170 7ff726e17c0b 16168->16170 16171 7ff726e17c10 16169->16171 16172 7ff726e14f08 _get_daylight 11 API calls 16169->16172 16173 7ff726e14f08 _get_daylight 11 API calls 16170->16173 16171->16165 16172->16171 16173->16171 16175 7ff726e17c7f GetLastError 16174->16175 16178 7ff726e17c95 __std_exception_destroy 16174->16178 16176 7ff726e14e7c _fread_nolock 11 API calls 16175->16176 16177 7ff726e17c8c 16176->16177 16179 7ff726e14f08 _get_daylight 11 API calls 16177->16179 16180 7ff726e17c91 16178->16180 16181 7ff726e17cef GetFullPathNameW 16178->16181 16179->16180 16182 7ff726e17d24 16180->16182 16181->16175 16181->16180 16186 7ff726e17d98 memcpy_s 16182->16186 16187 7ff726e17d4d __scrt_get_show_window_mode 16182->16187 16183 7ff726e17d81 16184 7ff726e14f08 _get_daylight 11 API calls 16183->16184 16185 7ff726e17d86 16184->16185 16188 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 16185->16188 16186->16165 16187->16183 16187->16186 16189 7ff726e17dba 16187->16189 16188->16186 16189->16186 16190 7ff726e14f08 _get_daylight 11 API calls 16189->16190 16190->16185 16194 7ff726e205d0 16191->16194 16195 7ff726e205fb 16194->16195 16196 7ff726e20612 16194->16196 16197 7ff726e14f08 _get_daylight 11 API calls 16195->16197 16198 7ff726e20637 16196->16198 16199 7ff726e20616 16196->16199 16201 7ff726e20600 16197->16201 16232 7ff726e1f5b8 16198->16232 16220 7ff726e2073c 16199->16220 16205 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 16201->16205 16203 7ff726e2063c 16208 7ff726e206e1 16203->16208 16215 7ff726e20663 16203->16215 16216 7ff726e2060b __std_exception_destroy 16205->16216 
16206 7ff726e2061f 16207 7ff726e14ee8 _fread_nolock 11 API calls 16206->16207 16209 7ff726e20624 16207->16209 16208->16195 16210 7ff726e206e9 16208->16210 16212 7ff726e14f08 _get_daylight 11 API calls 16209->16212 16213 7ff726e17bd8 13 API calls 16210->16213 16211 7ff726e0c550 _log10_special 8 API calls 16214 7ff726e20731 16211->16214 16212->16201 16213->16216 16214->16165 16217 7ff726e17c4c 14 API calls 16215->16217 16216->16211 16218 7ff726e206a7 16217->16218 16218->16216 16219 7ff726e17d24 37 API calls 16218->16219 16219->16216 16221 7ff726e20786 16220->16221 16222 7ff726e20756 16220->16222 16223 7ff726e20791 GetDriveTypeW 16221->16223 16225 7ff726e20771 16221->16225 16224 7ff726e14ee8 _fread_nolock 11 API calls 16222->16224 16223->16225 16226 7ff726e2075b 16224->16226 16227 7ff726e0c550 _log10_special 8 API calls 16225->16227 16228 7ff726e14f08 _get_daylight 11 API calls 16226->16228 16229 7ff726e2061b 16227->16229 16230 7ff726e20766 16228->16230 16229->16203 16229->16206 16231 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 16230->16231 16231->16225 16246 7ff726e2a4d0 16232->16246 16234 7ff726e1f5ee GetCurrentDirectoryW 16235 7ff726e1f62c 16234->16235 16236 7ff726e1f605 16234->16236 16237 7ff726e1eb98 _get_daylight 11 API calls 16235->16237 16238 7ff726e0c550 _log10_special 8 API calls 16236->16238 16239 7ff726e1f63b 16237->16239 16240 7ff726e1f699 16238->16240 16241 7ff726e1f654 16239->16241 16242 7ff726e1f645 GetCurrentDirectoryW 16239->16242 16240->16203 16243 7ff726e14f08 _get_daylight 11 API calls 16241->16243 16242->16241 16244 7ff726e1f659 16242->16244 16243->16244 16245 7ff726e1a948 __free_lconv_mon 11 API calls 16244->16245 16245->16236 16247 7ff726e2a4c0 16246->16247 16247->16234 16247->16247 16249 7ff726e1f755 16248->16249 16250 7ff726e1f731 16248->16250 16253 7ff726e1f78f 16249->16253 16254 7ff726e1f7ae 16249->16254 16250->16249 16251 7ff726e1f736 16250->16251 16252 7ff726e14f08 _get_daylight 11 API calls 16251->16252 16255 7ff726e1f73b 
16252->16255 16256 7ff726e14f08 _get_daylight 11 API calls 16253->16256 16265 7ff726e14f4c 16254->16265 16258 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 16255->16258 16259 7ff726e1f794 16256->16259 16260 7ff726e1f746 16258->16260 16261 7ff726e1a8e0 _invalid_parameter_noinfo 37 API calls 16259->16261 16260->16010 16262 7ff726e1f79f 16261->16262 16262->16010 16263 7ff726e1f7bb 16263->16262 16264 7ff726e204dc 51 API calls 16263->16264 16264->16263 16266 7ff726e14f70 16265->16266 16267 7ff726e14f6b 16265->16267 16266->16267 16273 7ff726e1b150 GetLastError 16266->16273 16267->16263 16274 7ff726e1b191 FlsSetValue 16273->16274 16275 7ff726e1b174 FlsGetValue 16273->16275 16277 7ff726e1b1a3 16274->16277 16293 7ff726e1b181 16274->16293 16276 7ff726e1b18b 16275->16276 16275->16293 16276->16274 16279 7ff726e1eb98 _get_daylight 11 API calls 16277->16279 16278 7ff726e1b1fd SetLastError 16280 7ff726e14f8b 16278->16280 16281 7ff726e1b21d 16278->16281 16282 7ff726e1b1b2 16279->16282 16295 7ff726e1d984 16280->16295 16303 7ff726e1a504 16281->16303 16284 7ff726e1b1d0 FlsSetValue 16282->16284 16285 7ff726e1b1c0 FlsSetValue 16282->16285 16288 7ff726e1b1dc FlsSetValue 16284->16288 16289 7ff726e1b1ee 16284->16289 16287 7ff726e1b1c9 16285->16287 16291 7ff726e1a948 __free_lconv_mon 11 API calls 16287->16291 16288->16287 16290 7ff726e1aef4 _get_daylight 11 API calls 16289->16290 16292 7ff726e1b1f6 16290->16292 16291->16293 16294 7ff726e1a948 __free_lconv_mon 11 API calls 16292->16294 16293->16278 16294->16278 16296 7ff726e1d999 16295->16296 16297 7ff726e14fae 16295->16297 16296->16297 16347 7ff726e23304 16296->16347 16299 7ff726e1d9f0 16297->16299 16300 7ff726e1da18 16299->16300 16301 7ff726e1da05 16299->16301 16300->16267 16301->16300 16360 7ff726e22650 16301->16360 16312 7ff726e23650 16303->16312 16338 7ff726e23608 16312->16338 16343 7ff726e202d8 EnterCriticalSection 16338->16343 16348 7ff726e1b150 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 16347->16348 16349 
7ff726e23313 16348->16349 16350 7ff726e2335e 16349->16350 16359 7ff726e202d8 EnterCriticalSection 16349->16359 16350->16297 16361 7ff726e1b150 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 16360->16361 16362 7ff726e22659 16361->16362 20231 7ff726e216b0 20242 7ff726e273e4 20231->20242 20243 7ff726e273f1 20242->20243 20244 7ff726e1a948 __free_lconv_mon 11 API calls 20243->20244 20245 7ff726e2740d 20243->20245 20244->20243 20246 7ff726e1a948 __free_lconv_mon 11 API calls 20245->20246 20247 7ff726e216b9 20245->20247 20246->20245 20248 7ff726e202d8 EnterCriticalSection 20247->20248 19370 7ff726e1c520 19381 7ff726e202d8 EnterCriticalSection 19370->19381

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastModuleName
                                                                                  • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                  • API String ID: 2776309574-4232158417
                                                                                  • Opcode ID: b5ceb5b3e51986f255ddba2ad990e8dc75569a57b07797df16117ed6fd5ba839
                                                                                  • Instruction ID: 36ace8a8618e099710f8a54f217c590f9a5a4fc13b9795f6e23a2ec0b953fd28
                                                                                  • Opcode Fuzzy Hash: b5ceb5b3e51986f255ddba2ad990e8dc75569a57b07797df16117ed6fd5ba839
                                                                                  • Instruction Fuzzy Hash: 49326961E0CA8391FA19BB219C543BBA2A2FF54784FC44037DA5D572C6EF2CE559CB20

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                  • String ID:
                                                                                  • API String ID: 1617910340-0
                                                                                  • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                  • Instruction ID: d94d13ed960abd6dd14c3491b78fb4c6b468c923bbfe3c44ff672fe62494b810
                                                                                  • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                  • Instruction Fuzzy Hash: F8C1E272F24A4186EB10EF64CC806AE7762FB49B98B91533ADE1E57394CF38D451CB10
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: Find$CloseFileFirst
                                                                                  • String ID:
                                                                                  • API String ID: 2295610775-0
                                                                                  • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                  • Instruction ID: b0b17fe3371bf06a47cbcc4231106e2ff3b1792dabb739556ce8c2a2ca4a1df2
                                                                                  • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                  • Instruction Fuzzy Hash: 27F0A422E1874286F760AF60BC98767B350FB94728F841236D96D126D4DF3CD0588E00

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 00007FF726E07F90: _fread_nolock.LIBCMT ref: 00007FF726E0803A
                                                                                  • _fread_nolock.LIBCMT ref: 00007FF726E01A1B
                                                                                    • Part of subcall function 00007FF726E02910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF726E01B6A), ref: 00007FF726E0295E
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: _fread_nolock$CurrentProcess
                                                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                  • API String ID: 2397952137-3497178890
                                                                                  • Opcode ID: edeea4deaacd26f081a033de8f256ad3e01499b500db60c4349dc7ecf6e83c21
                                                                                  • Instruction ID: a2ee23256ed109afe47e5df1fe58f8861e3c0d0d1fae9f5d6ed8b0facd1eded0
                                                                                  • Opcode Fuzzy Hash: edeea4deaacd26f081a033de8f256ad3e01499b500db60c4349dc7ecf6e83c21
                                                                                  • Instruction Fuzzy Hash: EA817F71E0868686EB24FB649C813FAA3A1FF48744F844437E98D5B785DE3CE5858F60

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                  • API String ID: 2050909247-3659356012
                                                                                  • Opcode ID: 251fe817d369cc5895862318d403d596f792720dea3bd258d8892b548507e56a
                                                                                  • Instruction ID: 932e32977ad1560d2bf195ff85d61b361bd9124f07d38262bc0fa5a8051b63e0
                                                                                  • Opcode Fuzzy Hash: 251fe817d369cc5895862318d403d596f792720dea3bd258d8892b548507e56a
                                                                                  • Instruction Fuzzy Hash: BA417B65E0868286EA10FB619C406FBE391FF44798FC44533ED4D2BB95DE3CE9429B20

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                  • API String ID: 2050909247-2813020118
                                                                                  • Opcode ID: ab383ac4b995131bdd40696453c0f16ebeee9cffe796343d9728e2385cbc1d23
                                                                                  • Instruction ID: 1b19fcf196fc501c288b0508cf55877df0a2a6a6a2fb9ac346450e5444591c51
                                                                                  • Opcode Fuzzy Hash: ab383ac4b995131bdd40696453c0f16ebeee9cffe796343d9728e2385cbc1d23
                                                                                  • Instruction Fuzzy Hash: 7751B362E0864285E620BB51AC403BBA291FF85798FD44136ED4D5B7D5EE3CE946CB20

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF726E1F0AA,?,?,-00000018,00007FF726E1AD53,?,?,?,00007FF726E1AC4A,?,?,?,00007FF726E15F3E), ref: 00007FF726E1EE8C
                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF726E1F0AA,?,?,-00000018,00007FF726E1AD53,?,?,?,00007FF726E1AC4A,?,?,?,00007FF726E15F3E), ref: 00007FF726E1EE98
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: AddressFreeLibraryProc
                                                                                  • String ID: api-ms-$ext-ms-
                                                                                  • API String ID: 3013587201-537541572
                                                                                  • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                  • Instruction ID: 4a060e5bcca6f9fdda834813f8d5d10fdc2ffbd7d29c37137e74d26c94755a70
                                                                                  • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                  • Instruction Fuzzy Hash: 4F4115A1F19A0281EA16FB169C00677A392FF48B90FC8557BED1D47384EF7CE9059B60

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF726E03804), ref: 00007FF726E036E1
                                                                                  • GetLastError.KERNEL32(?,00007FF726E03804), ref: 00007FF726E036EB
                                                                                    • Part of subcall function 00007FF726E02C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF726E03706,?,00007FF726E03804), ref: 00007FF726E02C9E
                                                                                    • Part of subcall function 00007FF726E02C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF726E03706,?,00007FF726E03804), ref: 00007FF726E02D63
                                                                                    • Part of subcall function 00007FF726E02C50: MessageBoxW.USER32 ref: 00007FF726E02D99
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                  • API String ID: 3187769757-2863816727
                                                                                  • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                  • Instruction ID: 68164ce241a62c7ca7796b2a94a15c0a95d6055516e2f467f8967299e3831548
                                                                                  • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                  • Instruction Fuzzy Hash: DD216B61F1C64281FA60BB20EC543BBA252FF98744FC40137E65D925D5EE2CE505CB60

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • Opcode ID: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
                                                                                  • Instruction ID: 9629393d9c752dff4b18062bf588b1fdab8b2a3d0e220d4b640f5af247e551d7
                                                                                  • Opcode Fuzzy Hash: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
                                                                                  • Instruction Fuzzy Hash: 94C1E7A2D0C68681E661AB199C402BFB751FF81B80FD561F6EA4D07791CE7CEC459F20

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                  • API String ID: 2050909247-2434346643
                                                                                  • Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                  • Instruction ID: 80a876b34ccec4baabf6a84f3f9605b164fd5d8cab21900d383ccb8a3c3562ba
                                                                                  • Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                  • Instruction Fuzzy Hash: 42418D61E18A86D1EA21FB20EC542EBA352FF54744FD00137EA5C57295EF3CE509CBA0

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 1279662727-0
                                                                                  • Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                  • Instruction ID: bbafdf9971a38efc557424901c729331536942c42ac85d81a4254db1f80aa50b
                                                                                  • Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                  • Instruction Fuzzy Hash: 8241BAA2D2878183E710AB20DD1037AB360FF95364F50A376E65C03AD5DF7CA5E09B50

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                  • String ID:
                                                                                  • API String ID: 3251591375-0
                                                                                  • Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                  • Instruction ID: 40ac276e2242cd3a1c96f64dc7cb1396792fc61815f6820ccc917f2121b47100
                                                                                  • Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                  • Instruction Fuzzy Hash: CC313A20E4814285EA14BB649C513BB9282FF51B48FC4507BD94D6B2D7DE3DA809CE61

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 1703294689-0
                                                                                  • Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
                                                                                  • Instruction ID: 9288879c25e6fff5d7788ccad788270fad683567a9f1fafd8810ff04d83cea21
                                                                                  • Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
                                                                                  • Instruction Fuzzy Hash: FCD06750F0870A43FA143B705C5907AA257BF58B05B9424BED81A06393DD2CA88D5B20
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                  • Instruction ID: 43dc5f1c2ee7a8dd2b4377e91cb5f36b5e91e82b87ba34fbf385362a6ba6be7d
                                                                                  • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                  • Instruction Fuzzy Hash: 5051FBA1F092C186E724BA259C0467BE281FF44BA8F9467F6DD6D137C5CE3CD841AA20
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastPointer
                                                                                  • String ID:
                                                                                  • API String ID: 2976181284-0
                                                                                  • Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                  • Instruction ID: a8287df2d603bd193b38dbef249b7e969af258d66cc62add1925aa6a96ad73df
                                                                                  • Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                  • Instruction Fuzzy Hash: 5A1104A1F08A8181DA20AB25AC0416AE362FB41FF4F945372EE7D4B7D9CE7CD4049B00
                                                                                  APIs
                                                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF726E1A9D5,?,?,00000000,00007FF726E1AA8A), ref: 00007FF726E1ABC6
                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF726E1A9D5,?,?,00000000,00007FF726E1AA8A), ref: 00007FF726E1ABD0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseErrorHandleLast
                                                                                  • String ID:
                                                                                  • API String ID: 918212764-0
                                                                                  • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                  • Instruction ID: 0de3076f10f8449e1da08b48392eade2e7a5f6d7a298c9e86728ba3db2c1277c
                                                                                  • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                  • Instruction Fuzzy Hash: 6721F990F1868641FA5077A59C8037B9282FF84794F8452FBD92E477C5CE6CAC406B30
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                  • Instruction ID: d1d1d4f373dea06efb5762c0034cf853843f92d445d892fa52d36b639060e515
                                                                                  • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                  • Instruction Fuzzy Hash: CF41C672D1824587EA34AB1DAD4027AF3A1FB59740F9021B2D69E436D1CF2CE902EF70
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _fread_nolock
                                                                                  • String ID:
                                                                                  • API String ID: 840049012-0
                                                                                  • Opcode ID: 0748e9379ee1a24a6dd361f3a2547f707c71d81643cc4b02aa9d5a9a64da41ab
                                                                                  • Instruction ID: 972517df00f85c65429cdc3cfa79d3cb5b12a48eb23e90c7d828527ec932c1a6
                                                                                  • Opcode Fuzzy Hash: 0748e9379ee1a24a6dd361f3a2547f707c71d81643cc4b02aa9d5a9a64da41ab
                                                                                  • Instruction Fuzzy Hash: 5C217A21F1D69286FE10BA226C043BBD641FB45BD4FC85472EE5927786EE7DE442CA10
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                  • Instruction ID: 8a8685ead39aedf2e09e839129f319dee2261838b324c447e609629881baa409
                                                                                  • Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                  • Instruction Fuzzy Hash: 333172A2E1860185E611BB698C4137EA690FF54B90FD121F7E91D073D2CF7CAC42AB31
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                  • String ID:
                                                                                  • API String ID: 3947729631-0
                                                                                  • Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
                                                                                  • Instruction ID: 62b71489d0559a5f35972562e653bd68a9f7556f42c1f90fca4609b4a5b46410
                                                                                  • Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
                                                                                  • Instruction Fuzzy Hash: E8218DB2E047858AEB25AF64CC902AD73A0FB14718F8416B7D76D07AC5DF38D984DB60
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  APIs
                                                                                    • Part of subcall function 00007FF726E09390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF726E045F4,00000000,00007FF726E01985), ref: 00007FF726E093C9
                                                                                  • LoadLibraryExW.KERNELBASE(?,00007FF726E06476,?,00007FF726E0336E), ref: 00007FF726E08EA2
                                                                                  Similarity
                                                                                  • API ID: ByteCharLibraryLoadMultiWide
                                                                                  • String ID:
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: FreeLibrary
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF726E10C90,?,?,?,00007FF726E122FA,?,?,?,?,?,00007FF726E13AE9), ref: 00007FF726E1D63A
                                                                                  Similarity
                                                                                  • API ID: AllocHeap
                                                                                  • String ID:
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                  • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNEL32(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E0842B
                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E084AE
                                                                                  • DeleteFileW.KERNEL32(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E084CD
                                                                                  • FindNextFileW.KERNEL32(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E084DB
                                                                                  • FindClose.KERNEL32(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E084EC
                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF726E08919,00007FF726E03F9D), ref: 00007FF726E084F5
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                  • String ID: %s\*
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25C45
                                                                                    • Part of subcall function 00007FF726E25598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E255AC
                                                                                    • Part of subcall function 00007FF726E1A948: HeapFree.KERNEL32(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A95E
                                                                                    • Part of subcall function 00007FF726E1A948: GetLastError.KERNEL32(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A968
                                                                                    • Part of subcall function 00007FF726E1A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF726E1A8DF,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1A909
                                                                                    • Part of subcall function 00007FF726E1A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF726E1A8DF,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1A92E
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25C34
                                                                                    • Part of subcall function 00007FF726E255F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E2560C
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25EAA
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25EBB
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25ECC
                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF726E2610C), ref: 00007FF726E25EF3
                                                                                  Similarity
                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                  • String ID:
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 1239891234-0
                                                                                  • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                  • Instruction ID: 8cd796e94a00b6fa3d76cca0f60ea5efe00bab367ad530e1776e3b9dd1e7f95c
                                                                                  • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                  • Instruction Fuzzy Hash: 53317176A18B8186DB20DB24EC402AFB3A5FB84758F90013AEA8D43B94DF3CD555CB10
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 2227656907-0
                                                                                  • Opcode ID: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
                                                                                  • Instruction ID: 73501ae90ff64b4766b728bc5228e449208e5d97ffbd783de4dacb60bfee0198
                                                                                  • Opcode Fuzzy Hash: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
                                                                                  • Instruction Fuzzy Hash: 7EB1D762F1868242EA61AB259D101FBE363FB44BE4F84513BDB5D07B89DE3CE545CB20
                                                                                  APIs
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25EAA
                                                                                    • Part of subcall function 00007FF726E255F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E2560C
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25EBB
                                                                                    • Part of subcall function 00007FF726E25598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E255AC
                                                                                  • _get_daylight.LIBCMT ref: 00007FF726E25ECC
                                                                                    • Part of subcall function 00007FF726E255C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E255DC
                                                                                    • Part of subcall function 00007FF726E1A948: HeapFree.KERNEL32(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A95E
                                                                                    • Part of subcall function 00007FF726E1A948: GetLastError.KERNEL32(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A968
                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF726E2610C), ref: 00007FF726E25EF3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                  • String ID:
                                                                                  • API String ID: 3458911817-0
                                                                                  • Opcode ID: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
                                                                                  • Instruction ID: 127faa7a849b335067fdcb9de3c5fe7c922eb9e32f11b2bea252dc1d52c9a47f
                                                                                  • Opcode Fuzzy Hash: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
                                                                                  • Instruction Fuzzy Hash: 92513922E0864287E720FF36AD915BBA762FB48784F94413BEA4D47695DF3CE4418F60
                                                                                  APIs
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E05840
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E05852
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E05889
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0589B
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E058B4
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E058C6
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E058DF
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E058F1
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0590D
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0591F
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0593B
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0594D
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E05969
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E0597B
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E05997
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E059A9
                                                                                  • GetProcAddress.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E059C5
                                                                                  • GetLastError.KERNEL32(?,00007FF726E064CF,?,00007FF726E0336E), ref: 00007FF726E059D7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: AddressErrorLastProc
                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                  • API String ID: 199729137-653951865
                                                                                  • Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                  • Instruction ID: 0dc8482947e8f70c12426881f5dd01e3ef6f667e73537ff9fcd02ca84971c222
                                                                                  • Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                  • Instruction Fuzzy Hash: B722A264E19B07D2FA55BB65AD509B7A3A3FF04B49BD4503BC81E12260FF7CB1488A70
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: AddressErrorLastProc
                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                  • API String ID: 199729137-3427451314
                                                                                  • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                  • Instruction ID: 19cf3bd53e8533bb11022611ebb47da236f52a0b1758f171921a9abf02d9067e
                                                                                  • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                  • Instruction Fuzzy Hash: B7029524D19B07D2EE15BB65AD559BBA263FF04745BE4003BD92E122A0FF3CB549CA30
                                                                                  APIs
                                                                                    • Part of subcall function 00007FF726E09390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF726E045F4,00000000,00007FF726E01985), ref: 00007FF726E093C9
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,00007FF726E086B7,?,?,00000000,00007FF726E03CBB), ref: 00007FF726E0822C
                                                                                    • Part of subcall function 00007FF726E02810: MessageBoxW.USER32 ref: 00007FF726E028EA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                  • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                  • API String ID: 1662231829-930877121
                                                                                  • Opcode ID: 34679b23be2e6a85bad270fe565fa16c5e09c528fb77942a9d4832d630ea4d55
                                                                                  • Instruction ID: abadda9430dd74270878fac96b967fd6f83a0169573cb1b9567673aeabc6a74c
                                                                                  • Opcode Fuzzy Hash: 34679b23be2e6a85bad270fe565fa16c5e09c528fb77942a9d4832d630ea4d55
                                                                                  • Instruction Fuzzy Hash: AF518121E28A8281FA50BB24EC556BFE292FF94780FC45437DA5E536D5EE3CE5048F60
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                  • API String ID: 2050909247-1550345328
                                                                                  • Opcode ID: 62f8ae62dc2cd1b2553bf55b61dcb37608ffd677ec18c94af8f92e3b9e3734ee
                                                                                  • Instruction ID: e0e7d7f3c9a0ff60e1e6fa5b182ad113f6e29bbb7afe2575e775cd196d89ce12
                                                                                  • Opcode Fuzzy Hash: 62f8ae62dc2cd1b2553bf55b61dcb37608ffd677ec18c94af8f92e3b9e3734ee
                                                                                  • Instruction Fuzzy Hash: 5551AE61E0864782EA14BBA1AC402FBA392FF44798FC44537EE0C1B7D6DE3CE5559B20
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                  • String ID: P%
                                                                                  • API String ID: 2147705588-2959514604
                                                                                  • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                  • Instruction ID: 269b0aab26e8bb2b7e15410f99ff4a62cdd6b6ad445ee29e20b5f8618534164d
                                                                                  • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                  • Instruction Fuzzy Hash: DA51F9269147A187D624AF35A8581BBB7A2F798B65F004126EBDE43694EF3CD045CB20
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                  • String ID: Needs to remove its temporary files.
                                                                                  • API String ID: 3975851968-2863640275
                                                                                  • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                  • Instruction ID: 0bfa1609a62a38698c9f602ed5d3a79c6845f2e35a38511df60479a701fe61a2
                                                                                  • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                  • Instruction Fuzzy Hash: DE21A821F08A42C3EB417B79AC4417BA352FF84B94F984136DA3D433D4EE2CD5958A20
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID: -$:$f$p$p
                                                                                  • API String ID: 3215553584-2013873522
                                                                                  • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                  • Instruction ID: a1748be9a82ae738f6af83dd9d9a0122cf39ebf6c48bb368f4ec524a0cfd1fc7
                                                                                  • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                  • Instruction Fuzzy Hash: C6126DE2E1824386FB207B149D542BBA791FB50750FE861F7D699466C4DB3CED80AF20
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID: f$f$p$p$f
                                                                                  • API String ID: 3215553584-1325933183
                                                                                  • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                  • Instruction ID: c06cfc5d7e11b8eb7f03b1091a3519eb007a5944a6fe8813ccc1cf701bd5c1fe
                                                                                  • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                  • Instruction Fuzzy Hash: 701283A1E0C58386FB207A14EC442FBE695FB40754FC450B7D69A46AC8DB3CED81AF20
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                  • API String ID: 2050909247-3659356012
                                                                                  • Opcode ID: 63105dd9b0abc5bb6326adaef99e22b64f7e20b167505bee03d4c2fa0d655620
                                                                                  • Instruction ID: 42fcbff4526794445048ec86ee3ff9a5e4a88eaede223f94fa2811c046e77666
                                                                                  • Opcode Fuzzy Hash: 63105dd9b0abc5bb6326adaef99e22b64f7e20b167505bee03d4c2fa0d655620
                                                                                  • Instruction Fuzzy Hash: B0419B61E0865286EA14FB62AC006BBE392FF54BC4FD44473ED4C2B786DE3CE5458B60
                                                                                  APIs
                                                                                  • GetTempPathW.KERNEL32(?,?,00000000,00007FF726E03CBB), ref: 00007FF726E08704
                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00007FF726E03CBB), ref: 00007FF726E0870A
                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,00007FF726E03CBB), ref: 00007FF726E0874C
                                                                                    • Part of subcall function 00007FF726E08830: GetEnvironmentVariableW.KERNEL32(00007FF726E0388E), ref: 00007FF726E08867
                                                                                    • Part of subcall function 00007FF726E08830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF726E08889
                                                                                    • Part of subcall function 00007FF726E18238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E18251
                                                                                    • Part of subcall function 00007FF726E02810: MessageBoxW.USER32 ref: 00007FF726E028EA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                  • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                  • API String ID: 3563477958-1339014028
                                                                                  • Opcode ID: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
                                                                                  • Instruction ID: 7db25616f6551734e944dd4f7b3162c9e402bbbd185c74a5e9aa2a4c288f3d60
                                                                                  • Opcode Fuzzy Hash: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
                                                                                  • Instruction Fuzzy Hash: FB419E51E1964285EA14BB61AC552BB9292FF88780FD42133EE1D677DADE3CE805CE20
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                  • String ID: csm$csm$csm
                                                                                  • API String ID: 849930591-393685449
                                                                                  • Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                  • Instruction ID: adf9db8cfa22f4a5889a4dbb345996a857b87825d4e1b4b76eb490cb19209e99
                                                                                  • Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                  • Instruction Fuzzy Hash: FDD17032E1874586EB20BB659C403AEB7A0FB45788F900136DE8D67799DF38E491CF91
                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF726E03706,?,00007FF726E03804), ref: 00007FF726E02C9E
                                                                                  • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF726E03706,?,00007FF726E03804), ref: 00007FF726E02D63
                                                                                  • MessageBoxW.USER32 ref: 00007FF726E02D99
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Message$CurrentFormatProcess
                                                                                  • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                  • API String ID: 3940978338-251083826
                                                                                  • Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                  • Instruction ID: 65b9c03efdf3707f53f1827ff5268a5eca0d6c49802035fbd0ce71b1cb5dc53d
                                                                                  • Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                  • Instruction Fuzzy Hash: 5631B772F0864146E620BB25BC506BBA692FF84B98F810137EF4D67759EE3CD546CB10
                                                                                  APIs
                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF726E0DF7A,?,?,?,00007FF726E0DC6C,?,?,?,00007FF726E0D869), ref: 00007FF726E0DD4D
                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF726E0DF7A,?,?,?,00007FF726E0DC6C,?,?,?,00007FF726E0D869), ref: 00007FF726E0DD5B
                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF726E0DF7A,?,?,?,00007FF726E0DC6C,?,?,?,00007FF726E0D869), ref: 00007FF726E0DD85
                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF726E0DF7A,?,?,?,00007FF726E0DC6C,?,?,?,00007FF726E0D869), ref: 00007FF726E0DDF3
                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF726E0DF7A,?,?,?,00007FF726E0DC6C,?,?,?,00007FF726E0D869), ref: 00007FF726E0DDFF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                  • String ID: api-ms-
                                                                                  • API String ID: 2559590344-2084034818
                                                                                  • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                  • Instruction ID: 5ea7b3ce122536ea458a9eb44df8f4655d02bccd571ad08555032a1602d7759b
                                                                                  • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                  • Instruction Fuzzy Hash: 1A318121F1A642D1EE12BB16AC006BAA395FF48BA4F994636DD1D573C0EF3DE4448F24
                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF726E0351A,?,00000000,00007FF726E03F1B), ref: 00007FF726E02AA0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                  • API String ID: 2050909247-2900015858
                                                                                  • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                  • Instruction ID: 0278d6b7f9427f231a5f5df7943398d20a22da08efdd7930889d7fc8276465e2
                                                                                  • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                  • Instruction Fuzzy Hash: 4A218172E18B8182E720AB61BC817E7A3A4FB88784F800137FE8C57659DF7CD5498A50
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                  • String ID:
                                                                                  • API String ID: 995526605-0
                                                                                  • Opcode ID: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
                                                                                  • Instruction ID: 72cc69480d690b7562e905daede26b7805fda0ea0966b55e3a2267f312e1132f
                                                                                  • Opcode Fuzzy Hash: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
                                                                                  • Instruction Fuzzy Hash: A7217E31E1C64282EA10BB65BD4062BE3A2FF957A4F900236EA7D53BE4DE7CD4458F10
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Value$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 2506987500-0
                                                                                  • Opcode ID: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
                                                                                  • Instruction ID: 33236f479011e589eca06e2ea6f4ac81511cff76e20d417c24c666be5d8b0682
                                                                                  • Opcode Fuzzy Hash: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
                                                                                  • Instruction Fuzzy Hash: F5216DA0F0C64281F55573295E5113BD182FF44BB0F8166FBD83E476C6DE2CAC44AB61
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                  • String ID: CONOUT$
                                                                                  • API String ID: 3230265001-3130406586
                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E08EFD
                                                                                  • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E08F5A
                                                                                    • Part of subcall function 00007FF726E09390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF726E045F4,00000000,00007FF726E01985), ref: 00007FF726E093C9
                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E08FE5
                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E09044
                                                                                  • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E09055
                                                                                  • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF726E03FA9), ref: 00007FF726E0906A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                  • String ID:
                                                                                  • API String ID: 3462794448-0
                                                                                  APIs
                                                                                    • Part of subcall function 00007FF726E08570: GetCurrentProcess.KERNEL32 ref: 00007FF726E08590
                                                                                    • Part of subcall function 00007FF726E08570: OpenProcessToken.ADVAPI32 ref: 00007FF726E085A3
                                                                                    • Part of subcall function 00007FF726E08570: GetTokenInformation.ADVAPI32 ref: 00007FF726E085C8
                                                                                    • Part of subcall function 00007FF726E08570: GetLastError.KERNEL32 ref: 00007FF726E085D2
                                                                                    • Part of subcall function 00007FF726E08570: GetTokenInformation.ADVAPI32 ref: 00007FF726E08612
                                                                                    • Part of subcall function 00007FF726E08570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF726E0862E
                                                                                    • Part of subcall function 00007FF726E08570: CloseHandle.KERNEL32 ref: 00007FF726E08646
                                                                                  • LocalFree.KERNEL32(?,00007FF726E03C55), ref: 00007FF726E0916C
                                                                                  • LocalFree.KERNEL32(?,00007FF726E03C55), ref: 00007FF726E09175
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                  • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                  • API String ID: 6828938-1529539262
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B2D7
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B30D
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B33A
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B34B
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B35C
                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF726E14F11,?,?,?,?,00007FF726E1A48A,?,?,?,?,00007FF726E1718F), ref: 00007FF726E1B377
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Value$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 2506987500-0
                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF726E01B6A), ref: 00007FF726E0295E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                  • API String ID: 2050909247-2962405886
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                  • String ID: Unhandled exception in script
                                                                                  • API String ID: 3081866767-2699770090
                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF726E0918F,?,00007FF726E03C55), ref: 00007FF726E02BA0
                                                                                  • MessageBoxW.USER32 ref: 00007FF726E02C2A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: CurrentMessageProcess
                                                                                  • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                  • API String ID: 1672936522-3797743490
                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF726E01B99), ref: 00007FF726E02760
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: CurrentProcess
                                                                                  • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                  • API String ID: 2050909247-1591803126
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                  • API String ID: 4061214504-1276376045
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: _set_statfp
                                                                                  • String ID:
                                                                                  • API String ID: 1156100317-0
                                                                                  • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                  • Instruction ID: c33add04543c93d454d3b4c1624cd61874398448a71977ecf9922b665b7d5e89
                                                                                  • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                  • Instruction Fuzzy Hash: 81118662D5CA0303F7543167EC9937B9053FF79360E84263EEA6E162D6CE6C68414920
                                                                                  APIs
                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF726E1A5A3,?,?,00000000,00007FF726E1A83E,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1B3AF
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E1A5A3,?,?,00000000,00007FF726E1A83E,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1B3CE
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E1A5A3,?,?,00000000,00007FF726E1A83E,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1B3F6
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E1A5A3,?,?,00000000,00007FF726E1A83E,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1B407
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF726E1A5A3,?,?,00000000,00007FF726E1A83E,?,?,?,?,?,00007FF726E1A7CA), ref: 00007FF726E1B418
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value
                                                                                  • String ID:
                                                                                  • API String ID: 3702945584-0
                                                                                  • Opcode ID: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
                                                                                  • Instruction ID: 47899c634d090e2fc5aa2080a33d5298befa8eee318428e937ff0f5bcdf8f8b6
                                                                                  • Opcode Fuzzy Hash: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
                                                                                  • Instruction Fuzzy Hash: 901172A0E0864241F954B3296D5117BD181FF447B0FC8A3F7E83D466D6ED2CEC52AA21
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value
                                                                                  • String ID:
                                                                                  • API String ID: 3702945584-0
                                                                                  • Opcode ID: cf61fb6c00b1796c5bed08ecf7b6551a73a14dc995a044f45feadad5ae41d3ad
                                                                                  • Instruction ID: a6ac6d68f5fdaff97d1382a9e3f39cf1df7ee89fd9b4019f5cf38fd7a5dc643c
                                                                                  • Opcode Fuzzy Hash: cf61fb6c00b1796c5bed08ecf7b6551a73a14dc995a044f45feadad5ae41d3ad
                                                                                  • Instruction Fuzzy Hash: 3311F5A0E0820681F96873695D5117B9182EF46730FC867F6E93E4A6D2ED2CBC44BA71
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID: verbose
                                                                                  • API String ID: 3215553584-579935070
                                                                                  • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                  • Instruction ID: c9ccd55b595e5f86eae9b4b339bb1e5d93560c99b0b78a64fed98df783bb0319
                                                                                  • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                  • Instruction Fuzzy Hash: F091B0E2E0864681E721AA24DC5037EB791FB40B54FE451B7DA5D473D6DE3CEC05AB20
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                  • API String ID: 3215553584-1196891531
                                                                                  • Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                  • Instruction ID: 96a4fe6874fa09b9846a36db79f293d94639bd252a644b3f23a6c4828d04915d
                                                                                  • Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                  • Instruction Fuzzy Hash: 3681A1B2D0864385E7647E258D0037AA6E0FB51B44FD560F7CA0A87285CB2DED41BFA3
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                  • String ID: csm
                                                                                  • API String ID: 2395640692-1018135373
                                                                                  • Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                  • Instruction ID: 2c797e367ecf31b387510b7d15a47bd578b72a6400599c282ff8190c019461a4
                                                                                  • Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                  • Instruction Fuzzy Hash: A751B032E196028ADB14BB15EC44A7EB391FB44B98F948136EA4D577C8DF7EE841CB10
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallEncodePointerTranslator
                                                                                  • String ID: MOC$RCC
                                                                                  • API String ID: 3544855599-2084237596
                                                                                  • Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                  • Instruction ID: 2c6cd0a00de8746617920acd04047823eb7e548f9976eafec7c19e35b6673dd8
                                                                                  • Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                  • Instruction Fuzzy Hash: 29617F72D08B8585DB60AB15EC403AAB7A0FB85794F444236EB9C13B9ADF7CD194CB10
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                  • String ID: csm$csm
                                                                                  • API String ID: 3896166516-3733052814
                                                                                  • Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                  • Instruction ID: 3e24dfd7810ec51d99b39d67a2a8db589b939954f0c27c7bd7d3803ed691a54f
                                                                                  • Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                  • Instruction Fuzzy Hash: F7519D32E0838286EB74BA219D4426AB7A0FB54B94F944137DE4C63B85CF3CE461CB12
                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNEL32(00000000,?,00007FF726E0352C,?,00000000,00007FF726E03F1B), ref: 00007FF726E07F32
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateDirectory
                                                                                  • String ID: %.*s$%s%c$\
                                                                                  • API String ID: 4241100979-1685191245
                                                                                  • Opcode ID: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
                                                                                  • Instruction ID: ade9d731081c1ab58fe5eee759b9f5241d154fe7417828bc4d0fd9b7463e5d7d
                                                                                  • Opcode Fuzzy Hash: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
                                                                                  • Instruction Fuzzy Hash: 0531C721E19AC185EA21BB20EC513EBA255FB84BE0F800232EA6D577C9DE3CD6458F10
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: Message
                                                                                  • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                  • API String ID: 2030045667-255084403
                                                                                  • Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                  • Instruction ID: aa3fe2637024f8e72ce92a0e08cecb57ffee9fb5f89551cb0038cef75a19aae0
                                                                                  • Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                  • Instruction Fuzzy Hash: A821A372B18B4182E710AB64FC447EBA3A5FB88784F800136EA8D57755DE3CE655CB50
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                  • String ID:
                                                                                  • API String ID: 2718003287-0
                                                                                  • Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                  • Instruction ID: 20309db69ae8213046661cca97ca330f702100162197c1b3f063370d11bfa13a
                                                                                  • Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                  • Instruction Fuzzy Hash: 9CD115B2F18A818AE710DF65CC402AD77B1FB54B98B8051B6DE4E97B89DE3CD406DB10
                                                                                  APIs
                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF726E1CF4B), ref: 00007FF726E1D07C
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF726E1CF4B), ref: 00007FF726E1D107
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.1677634840.00007FF726E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726E00000, based on PE: true
                                                                                  • Associated: 00000001.00000002.1677618968.00007FF726E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677660487.00007FF726E2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677751913.00007FF726E41000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000001.00000002.1677800557.00007FF726E44000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_7ff726e00000_ITC590-Script 2 V1-2024.jbxd
                                                                                  Similarity
                                                                                  • API ID: ConsoleErrorLastMode
                                                                                  • String ID:
                                                                                  • API String ID: 953036326-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _get_daylight$_isindst
                                                                                  • String ID:
                                                                                  • API String ID: 4170891091-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                  • String ID:
                                                                                  • API String ID: 2780335769-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: LongWindow$DialogInvalidateRect
                                                                                  • String ID:
                                                                                  • API String ID: 1956198572-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                  • String ID:
                                                                                  • API String ID: 2933794660-0
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                  • String ID: ?
                                                                                  • API String ID: 1286766494-1684325040
                                                                                  APIs
                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF726E19046
                                                                                    • Part of subcall function 00007FF726E1A948: HeapFree.KERNEL32(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A95E
                                                                                    • Part of subcall function 00007FF726E1A948: GetLastError.KERNEL32(?,?,?,00007FF726E22D22,?,?,?,00007FF726E22D5F,?,?,00000000,00007FF726E23225,?,?,?,00007FF726E23157), ref: 00007FF726E1A968
                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF726E0CBA5), ref: 00007FF726E19064
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                  • String ID: C:\Users\user\Desktop\ITC590-Script 2 V1-2024.exe
                                                                                  • API String ID: 3580290477-1549054123
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastWrite
                                                                                  • String ID: U
                                                                                  • API String ID: 442123175-4171548499
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CurrentDirectory
                                                                                  • String ID: :
                                                                                  • API String ID: 1611563598-336475711
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                  • String ID: csm
                                                                                  • API String ID: 2573137834-1018135373
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                  • String ID: :
                                                                                  • API String ID: 2595371189-336475711